Search code examples
phpcurltwitteroauthauthorization

twitter authorization using php Http_request

i really need your help.

I'm trying to get request token from twitter with php NOT using cURL.

my first try was using fsockopen.

$fp = fsockopen("ssl://api.twitter.com", 443) or die ("unable to open socket");

then, i made HTTP POST header as below.

$auth = "oauth_callback="http%3A%2F%2Fmydomain.org%2F~myID%2Ftwt-oauth%2Fcallback.php", oauth_consumer_key="ExmfrhvgMkUmwzGKCg5FQw", oauth_nonce="da4dfa747b27d83c9bbda69452a87bee", oauth_signature="L9ucYZUfKQ%2BRkp1FQNbzEXXrl1w%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1319451330", oauth_version="1.0" ";


$msg = "POST /oauth/request_token HTTP/1.1 \r\n";
$msg .= "Host: api.twitter.com \r\n";
$msg .= "Authorization: Oauth " . $auth . "\r\n";
$msg .= "Connection:Keep-Alive \r\n\r\n";
$bytes = fwrite($fp, $msg);

the result was 

HTTP/1.1 401 Unauthorized
Date: Mon, 24 Oct 2011 10:15:30 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1319451330-75511-27215
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 24 Oct 2011 10:15:30 GMT
X-Runtime: 0.00602
Content-Type: text/html; charset=utf-8
Content-Length: 44
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 6301c02e82f43071b60e91cc31326d5354818c83
Set-Cookie: k=143.248.234.102.1319451330738600; path=/; expires=Mon, 31-Oct-11 10:15:30 GMT; domain=.twitter.com
Set-Cookie: guest_id=v1%3A131945133074814112; domain=.twitter.com; path=/; expires=Wed, 23-Oct-2013 22:15:30 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCL2IbTUzAToHaWQiJWEyZDlhNjMzYWJmMmNh%250ANmE2NDU1OTMyMzQ2MWY4MTkxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--f5d5dc205f414bd74c0270e9610712ad1e04d2ee; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Failed to validate oauth signature and token

i don't know why... do i need to base64_encode or urlencode $auth? (then, how?)
value of $auth above is what i copied and pasted from log. (is it possible to have problem with quot "" ?)

i tried Http_request quite simple, then.

$httpReq = new HTTP_Request("https://api.twitter.com/oauth/request_token");
$httpReq->setMethod(HTTP_REQUEST_METHOD_POST);
$httpReq->addHeader("Authorization", $auth);
$res = $httpReq->sendRequest();

then, $res->getMessage() is "Failed to validate oauth signature and token" the same as the first try above.

what's the problem?

i'm stuck here quite long time... really need help..

i added code of cURL-used version.. i want the same result of it...

  function http($url, $method, $postfields = NULL) {

//
    $this->http_info = array();
    $ci = curl_init();
    // Curl settings 
    curl_setopt($ci, CURLOPT_USERAGENT, $this->useragent);
    curl_setopt($ci, CURLOPT_CONNECTTIMEOUT, $this->connecttimeout);
    curl_setopt($ci, CURLOPT_TIMEOUT, $this->timeout);
    curl_setopt($ci, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ci, CURLOPT_HTTPHEADER, array('Expect:'));
    curl_setopt($ci, CURLOPT_SSL_VERIFYPEER, $this->ssl_verifypeer);
    curl_setopt($ci, CURLOPT_HEADERFUNCTION, array($this, 'getHeader'));
    curl_setopt($ci, CURLOPT_HEADER, FALSE);

    switch ($method) {
      case 'POST':
        curl_setopt($ci, CURLOPT_POST, TRUE);
        if (!empty($postfields)) {
          curl_setopt($ci, CURLOPT_POSTFIELDS, $postfields);
        }    
        break;
      case 'DELETE':
        curl_setopt($ci, CURLOPT_CUSTOMREQUEST, 'DELETE');
        if (!empty($postfields)) {
          $url = "{$url}?{$postfields}";
        }    
    }    

    curl_setopt($ci, CURLOPT_URL, $url);
    $response = curl_exec($ci);
    $this->http_code = curl_getinfo($ci, CURLINFO_HTTP_CODE);
    $this->http_info = array_merge($this->http_info, curl_getinfo($ci));
    $this->url = $url;
    curl_close ($ci);
    //   

    return $response;
  }

  /**  
   * Get the header info to store.
   */
  function getHeader($ch, $header) {
    $i = strpos($header, ':');
    if (!empty($i)) {
      $key = str_replace('-', '_', strtolower(substr($header, 0, $i)));
      $value = trim(substr($header, $i + 2)); 
      $this->http_header[$key] = $value;
    }    
    return strlen($header);
  }
Solution

  • See if you get anywhere using my HTTP request class, which uses fsockopen() - it is thoroughly tried and tested (by me). Does not currently have native support for Oauth, but you should be able to set the header manually with HTTPRequest::setRequestHeader(). You may need to rename the class if you have the native HTTPRequest class installed - I originally wrote it for use in a PHP4 environment where I had no stream support and no control over the installed extensions.

    Documented in comments at the top of the file.