For reasons beyond my control I am using PHP4 to write a twitter client. Requests don't work properly - I am having a tough time seeing what's wrong. Any ideas?
I have grabbed the code and banged it in a very simple script here to illustrate essentially what's going on. I've hidden OAuth keys for security purposes.
<?php
$requestTokenURL = 'https://api.twitter.com/oauth/request_token';
$consumerKey = 'fLxA6J1111111111PnvVOg';
$consumerSecret = 'H5QxDHAOHn1111111111111Ozet1HRTtVAV1FM3oYk';
$callbackURL = 'http://www.example.com';
$signature = 'POST&' . urlencode($requestTokenURL) . '&';
$auth_params = array(
'oauth_callback' => $callbackURL,
'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => md5(time()),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_version' => '1.0'
);
ksort($auth_params);
foreach($auth_params as $k=>$v) {
if ($k == 'oauth_callback') {
$v = urlencode($v);
}
$signature .= urlencode($k) . '%3D' . urlencode($v) . '%26';
}
$signature = substr($signature, 0, strlen($signature) - 3);
$signing_key = $consumerSecret . '&';
$oauth_signature = hmac_sha1($signing_key, $signature);
$auth_params['oauth_signature'] = $oauth_signature;
$auth_string = 'OAuth ';
foreach($auth_params as $k=>$v) {
$auth_string .= $k . '="' . urlencode($v);
$auth_string .= ($k == 'oauth_signature') ? '&' : '';
$auth_string .= '", ';
}
$auth_string = substr($auth_string, 0, strlen($auth_string) - 2);
echo 'Authorization header: <pre>';
echo $auth_string;
echo '</pre>';
echo '<br /><br />';
echo 'OAuth Signature: <pre>';
var_dump($oauth_signature);
echo '</pre>';
echo '<br /><br />';
//exit;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $requestTokenURL);
curl_setopt($curl, CURLOPT_POST, GET);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Authorization: ' . $auth_string)
);
$response = curl_exec($curl);
curl_close($curl);
var_dump($response);
/* function from PHP.net - no PHP4 built-in function */
function hmac_sha1( $key, $data ) {
$blocksize = 64;
$hashfunc = 'sha1';
if ( strlen( $key ) >$blocksize ) {
$key = pack( 'H*', $hashfunc( $key ) );
}
$key = str_pad( $key, $blocksize, chr(0x00) );
$ipad = str_repeat( chr( 0x36 ), $blocksize );
$opad = str_repeat( chr( 0x5c ), $blocksize );
$hash = pack( 'H*', $hashfunc( ( $key^$opad ).pack( 'H*',$hashfunc( ($key^$ipad).$data ) ) ) );
return base64_encode($hash);
}
?>
the thing is, I tried running this script with the values from http://dev.twitter.com/pages/auth#signing-requests and the signature and the Authorization string were exactly the same - but when I try execute with CURL with my own values (using the exacty same code) it just gives me the rather non-descript "Failed to validate oauth signature and token"