My site uses a php function to tweet an update whenever an event occurs. Right now I'm using the classic login technique, so the username and password for the associated Twitter account are just hard-coded in. The function looks like this:
function sendTweet($msg)
{
$username = 'username';
$password = 'password';
$url = 'http://twitter.com/statuses/update.xml';
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, "$url");
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl_handle, CURLOPT_POST, 1);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, "status=$msg");
curl_setopt($curl_handle, CURLOPT_USERPWD, "$username:$password");
$buffer = curl_exec($curl_handle);
curl_close($curl_handle);
}
I'd like to rewrite it to use OAuth, mostly to avoid problems down the road when classic login is deprecated, but also so that it will use the name of my application instead of "from API" after every tweet.
All the examples I can find involve creating an authentication system, which sends the user to twitter.com to approve the authentication request, then sends them back to the originating site with an appropriate token. For my application though there's only one twitter account and it doesn't belong to the user who initiates the action (who may not even know or care that he is initiating a tweet).
So how do I do this? The best option I can think of is to build a one-time-use script which will let me request an access token, then hard code that token into the sendTweet function. That seems like a lot of overkill for such a simple application, and it creates a potential problem down the road if Twitter ever expires the access token. The docs say they probably never will, but that applications should be designed to handle it gracefully if they do.
Does anyone have experience with a project like this? Is there a simpler and more graceful way to do it?