Tag Archive oauth

OAuth Benutzer – bitte lesen!

3. Juli 2017 Kommentare deaktiviert für OAuth Benutzer – bitte lesen! By webpirat

Wenn ihr OAuth oder OAuth2 in euren Applikationen nutzt, um bspw. einen Facebook-Login zu realisieren, solltet ihr unbedingt hier nachlesen:

OAuth 2.0 Threat Landscapes


resolved – twitter api image upload

20. Februar 2014 Kommentare deaktiviert für resolved – twitter api image upload By webpirat

wer auch per twitter api posts senden will, hat evtl. auch schon mal mit dem gedanken gespielt, images gleich mit hochzuladen.
hier die syntax, die tatsächlich funktioniert. die api url ist in allen fällen https://api.twitter.com/1.1/

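    /**
     * Post a status with one attached image; without an image this falls back
     * to a plain status update.
     *
     * The status text is "$title", a blank line, then "$link". $desc is
     * accepted for signature compatibility with updateStatus() but is not
     * part of the posted text.
     *
     * @param string $title First line of the status.
     * @param string $link  URL appended after a blank line.
     * @param string $desc  Unused by this method.
     * @param string $img   Local path of the image to upload. It is handed to
     *                      cURL as a file to read, so it must come from a
     *                      trusted source, never straight from request input.
     * @return mixed Whatever send() returns for the request.
     */
    public function updateStatusWithImage($title, $link, $desc, $img)
    {
        if (empty($img))
        {
            return $this->updateStatus($title, $link, $desc);
        }

        // The "@path" upload prefix is off by default since PHP 5.6 and was
        // removed in PHP 7. It is also unsafe: with it enabled, ANY POST field
        // whose value starts with "@" (for example a status that opens with a
        // mention) is treated as a file to read and upload. CURLFile (PHP 5.5+)
        // marks the upload explicitly; the string form is kept only as a
        // fallback for runtimes older than 5.5.
        $media = class_exists('CURLFile') ? new CURLFile($img) : '@'.$img;

        // NOTE(review): Twitter has deprecated statuses/update_with_media in
        // favour of a separate media upload step - confirm against the current
        // API documentation before relying on this endpoint.
        $params = array(
            'media[]' => $media,
            'status'  => $title.PHP_EOL.PHP_EOL.$link,
        );

        return $this->send('statuses/update_with_media.json', 'POST', $params);
    }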

der vollständigkeit halber die ganze klasse (kohana style)

<?php defined('SYSPATH') OR die('No direct script access.'); // Kohana-style guard: stop unless SYSPATH is defined, i.e. refuse to run when the file is requested directly.

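/**
 * Minimal Twitter REST API 1.1 client using OAuth 1.0a (HMAC-SHA1) request
 * signing on top of cURL.
 *
 * Credentials are read from the Kohana config group "gtwitter". The consumer
 * secret and access token secret are only used as HMAC key material; they are
 * not sent over the wire.
 */
class Gtwitter
{
    // Base URL that endpoint paths are appended to (config key "api_url").
    protected $api_url;
    // OAuth access token, sent as oauth_token.
    protected $oauth_access_token;
    // Access token secret, second half of the HMAC signing key.
    protected $oauth_access_token_secret;
    // OAuth consumer key, sent as oauth_consumer_key.
    protected $consumer_key;
    // Consumer secret, first half of the HMAC signing key.
    protected $consumer_secret;

    /**
     * Load the API base URL and the OAuth credentials from the "gtwitter"
     * config group.
     */
    public function __construct()
    {
        $twitter_config                     = Kohana::$config->load('gtwitter');
        $this->api_url                      = $twitter_config->get('api_url');
        $this->oauth_access_token           = $twitter_config->get('access_token');
        $this->oauth_access_token_secret    = $twitter_config->get('access_token_secret');
        $this->consumer_key                 = $twitter_config->get('consumer_key');
        $this->consumer_secret              = $twitter_config->get('consumer_secret');
    }

    /**
     * GET account/verify_credentials.json.
     *
     * @return array|null Decoded JSON response, null on failure.
     */
    public function getCredentials()
    {
        return $this->send('account/verify_credentials.json');
    }

    /**
     * GET statuses/user_timeline.json.
     *
     * @return array|null Decoded JSON response, null on failure.
     */
    public function getTimeline()
    {
        return $this->send('statuses/user_timeline.json');
    }

    /**
     * GET friends/list.json.
     *
     * @return array|null Decoded JSON response, null on failure.
     */
    public function getFriends()
    {
        return $this->send('friends/list.json');
    }

    /**
     * GET followers/list.json.
     *
     * @return array|null Decoded JSON response, null on failure.
     */
    public function getFollowers()
    {
        return $this->send('followers/list.json');
    }

    /**
     * Post a text-only status consisting of "$title", a blank line and "$link".
     *
     * @param string $title First line of the status.
     * @param string $link  URL appended after a blank line.
     * @param string $desc  Accepted but not used in the posted text.
     * @return array|null Decoded JSON response, null on failure.
     */
    public function updateStatus($title, $link, $desc)
    {
        $status = $title.PHP_EOL.PHP_EOL.$link;
        return $this->send('statuses/update.json', 'POST', array('status' => $status));
    }

    /**
     * Post a status with one attached image; without an image this falls back
     * to updateStatus().
     *
     * @param string $title First line of the status.
     * @param string $link  URL appended after a blank line.
     * @param string $desc  Accepted but not used in the posted text.
     * @param string $img   Local path of the image to upload. It is handed to
     *                      cURL as a file to read, so it must come from a
     *                      trusted source, never straight from request input.
     * @return array|null Decoded JSON response, null on failure.
     */
    public function updateStatusWithImage($title, $link, $desc, $img)
    {
        if (empty($img))
        {
            return $this->updateStatus($title, $link, $desc);
        }

        // The "@path" upload prefix is off by default since PHP 5.6 and was
        // removed in PHP 7. CURLFile (PHP 5.5+) marks the upload explicitly;
        // the string form remains only as a fallback for older runtimes.
        $media = class_exists('CURLFile') ? new CURLFile($img) : '@'.$img;

        // NOTE(review): Twitter has deprecated statuses/update_with_media in
        // favour of a separate media upload step - confirm against the current
        // API documentation before relying on this endpoint.
        $params = array(
            'media[]' => $media,
            'status'  => $title.PHP_EOL.PHP_EOL.$link,
        );

        return $this->send('statuses/update_with_media.json', 'POST', $params);
    }

    /**
     * Build the OAuth 1.0a signature base string:
     * METHOD & encoded-URI & encoded(sorted "key=value" pairs).
     *
     * @param string $base_uri Request URL without a query string.
     * @param string $method   HTTP method, e.g. "GET" or "POST".
     * @param array  $params   Flat map of scalar parameters to sign.
     * @return string
     */
    protected function buildBaseString($base_uri, $method, $params)
    {
        // Percent-encode keys as well as values, then sort by the encoded key.
        // For the plain oauth_* keys this yields the same order as sorting the
        // raw keys.
        $encoded = array();
        foreach ($params as $key => $value)
        {
            $encoded[rawurlencode((string) $key)] = rawurlencode((string) $value);
        }
        ksort($encoded, SORT_STRING);

        $pairs = array();
        foreach ($encoded as $key => $value)
        {
            $pairs[] = $key . '=' . $value;
        }

        return $method . '&' . rawurlencode($base_uri) . '&' . rawurlencode(implode('&', $pairs));
    }

    /**
     * Render the OAuth parameters as an "Authorization: OAuth ..." header line.
     *
     * @param array $oauth Map of oauth_* parameters including the signature.
     * @return string
     */
    protected function buildAuthorizationHeader($oauth)
    {
        $values = array();
        foreach ($oauth as $key => $value)
        {
            $values[] = $key . '="' . rawurlencode($value) . '"';
        }
        return 'Authorization: OAuth ' . implode(', ', $values);
    }

    /**
     * Produce a fresh set of OAuth protocol parameters (without signature).
     *
     * @return array
     */
    protected function getOAuth()
    {
        return array(
            'oauth_consumer_key'        => $this->consumer_key,
            // The nonce must be unique per request. time() repeats for every
            // request within the same second and is trivially predictable.
            'oauth_nonce'               => $this->generateNonce(),
            'oauth_signature_method'    => 'HMAC-SHA1',
            'oauth_token'               => $this->oauth_access_token,
            'oauth_timestamp'           => time(),
            'oauth_version'             => '1.0'
        );
    }

    /**
     * Return a 32-character hex nonce, using the strongest random source the
     * runtime offers.
     *
     * @return string
     */
    protected function generateNonce()
    {
        if (function_exists('random_bytes'))
        {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes'))
        {
            return bin2hex(openssl_random_pseudo_bytes(16));
        }
        // Last resort for very old runtimes: unique, but not unpredictable.
        return md5(uniqid(mt_rand(), true));
    }

    /**
     * Sign and execute one API request and decode the JSON response.
     *
     * @param string $url    Endpoint path relative to the configured API URL.
     * @param string $method "GET" or "POST".
     * @param array  $params Flat request parameters. For GET they become the
     *                       query string; for POST they are sent as a
     *                       multipart body (array form of CURLOPT_POSTFIELDS).
     * @return array|null Decoded JSON, or null when the transfer fails or the
     *                    body is not valid JSON.
     */
    protected function send($url, $method = 'GET', $params = array())
    {
        $base_uri       = $this->api_url.$url;
        $request_url    = $base_uri;
        $oauth          = $this->getOAuth();
        $to_sign        = $oauth;

        if ($method === 'GET' && !empty($params))
        {
            $request_url = $base_uri.'?'.http_build_query($params);
            // OAuth 1.0a signs the URL without its query string and folds the
            // query parameters into the signed parameter list instead.
            $to_sign = array_merge($params, $oauth);
        }
        // POST parameters are not signed: a multipart/form-data body is not
        // part of the OAuth 1.0a signature base string.

        $base_info                  = $this->buildBaseString($base_uri, $method, $to_sign);
        $composite_key              = rawurlencode($this->consumer_secret) . '&' . rawurlencode($this->oauth_access_token_secret);
        $oauth['oauth_signature']   = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));

        $opt                            = array();
        $opt[CURLOPT_HTTPHEADER]        = array($this->buildAuthorizationHeader($oauth), 'Expect:');
        $opt[CURLOPT_HEADER]            = false;
        $opt[CURLOPT_URL]               = $request_url;
        $opt[CURLOPT_RETURNTRANSFER]    = true;
        $opt[CURLOPT_FOLLOWLOCATION]    = true;
        // Verify the server certificate and host name. With verification off,
        // anyone on the network path can impersonate the API, read the signed
        // requests and forge the responses this client trusts.
        $opt[CURLOPT_SSL_VERIFYPEER]    = true;
        $opt[CURLOPT_SSL_VERIFYHOST]    = 2;
        if (defined('CURLOPT_REDIR_PROTOCOLS') && defined('CURLPROTO_HTTPS'))
        {
            // libcurl may resend custom headers when following a redirect;
            // never let the Authorization header be replayed over cleartext.
            $opt[CURLOPT_REDIR_PROTOCOLS] = CURLPROTO_HTTPS;
        }
        if ($method === 'POST')
        {
            if (defined('CURLOPT_SAFE_UPLOAD'))
            {
                // Must precede CURLOPT_POSTFIELDS: stops field values that
                // start with "@" (e.g. a status opening with a mention) from
                // being read as local files to upload.
                $opt[CURLOPT_SAFE_UPLOAD] = true;
            }
            $opt[CURLOPT_POST]          = true;
            $opt[CURLOPT_POSTFIELDS]    = $params;
        }

        $feed = curl_init();
        curl_setopt_array($feed, $opt);
        $json = curl_exec($feed);
        curl_close($feed);

        if ($json === false)
        {
            // Transfer failed (network error, TLS verification failure, ...).
            return null;
        }

        return json_decode($json, true);
    }

}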
