Another "Failed to validate oauth signature and token" thread


#1

I honestly spent several crazy hours trying to solve this issue, but I surrender. My script properly requests token for the 1st time, redirects user to authorization page and then I always get “Failed to validate oauth signature and token”, no matter what I do. I beg you, please, look at my script and tell me, where I’m wrong. I seriously hate this already and dunno, what to do.

if ($_GET['network'] == "twitter")
{
	$requestTokenUrl = "http://api.twitter.com/oauth/request_token";
	$consumerSecret = $params->def('twsecret');
	$consumerKey = $params->def('twappid');
	//unset($_SESSION['oauth_token']);exit;
	if ($_SESSION['oauth_token'] && !$_GET['oauth_verifier'])
	{
		header("Location: http://api.twitter.com/oauth/authorize?oauth_token=".$_SESSION['oauth_token']);
	}
	elseif ($_GET['oauth_verifier'])
	{
		$oauthTimestamp = time();
		$nonce = md5(mt_rand());
		
		$oauth = array(	'oauth_consumer_key' => $consumerKey,
    	      			'oauth_nonce' => $nonce,
        	  			'oauth_signature_method' => 'HMAC-SHA1',
          				'oauth_timestamp' => $oauthTimestamp,
          				'oauth_token' => $_SESSION['oauth_token'],
          				'oauth_verifier' => $_GET['oauth_verifier'],
          				'oauth_version' => '1.0');
        
		$r = array();
	    uksort($oauth, 'strcmp');
		
		foreach($oauth as $key=>$value)
		{
    		$r[] = $key."=".rawurlencode($value);
		}

		$oauth_signature = "POST&".rawurlencode($requestTokenUrl).'&'.rawurlencode(implode('&', $r));
		$compositeKey = rawurlencode($consumerSecret).'&'.rawurlencode($_SESSION['oauth_token_secret']);
		$oauthSig = rawurlencode(base64_encode(hash_hmac('sha1', $oauth_signature, $compositeKey, true)));

		$oauth['oauth_signature'] = $oauthSig;
		unset($oauth['oauth_verifier']);

		$r = 'Authorization: OAuth ';
    	$values = array();
	    uksort($oauth, 'strcmp');

		foreach($oauth as $key=>$value)
		{
			if ($key != 'oauth_verifier')
			{
    			$values[] = $key.'="'.rawurlencode($value).'"';
    		}
		}

		$r .= implode(', ', $values);
	
		$header = array($r, 'Content-Type: application/x-www-form-urlencoded', 'Host: api.twitter.com');

		$twoptions = array(CURLOPT_HTTPHEADER => $header, CURLOPT_HEADER => false, CURLOPT_URL => $requestTokenUrl, CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => 'oauth_verifier='.$_GET['oauth_verifier'], CURLOPT_SSL_VERIFYPEER => false);
		 
		$ch = curl_init();
		curl_setopt_array($ch, $twoptions);
		$result = curl_exec($ch);
		curl_close($ch);
	}
	else
	{
		$oauthTimestamp = time();
		$nonce = md5(mt_rand());
		
		$oauth = array(	'oauth_callback' => $redirect,
	          			'oauth_consumer_key' => $consumerKey,
    	      			'oauth_nonce' => $nonce,
        	  			'oauth_signature_method' => 'HMAC-SHA1',
          				'oauth_timestamp' => $oauthTimestamp,
          				'oauth_version' => '1.0');

		$r = array();
	    uksort($oauth, 'strcmp');
		
		foreach($oauth as $key=>$value)
		{
    		$r[] = $key."=".rawurlencode($value);
		}

		$oauth_signature = "POST&".rawurlencode($requestTokenUrl).'&'.rawurlencode(implode('&', $r));
		$compositeKey = rawurlencode($consumerSecret).'&';
		$oauthSig = base64_encode(hash_hmac('sha1', $oauth_signature, $compositeKey, true));

		$oauth['oauth_signature'] = $oauthSig;
	
		$r = 'Authorization: OAuth ';
    	$values = array();
	    uksort($oauth, 'strcmp');
		
		foreach($oauth as $key=>$value)
		{
    		$values[] = $key.'="'.rawurlencode($value).'"';
		}

		$r .= implode(', ', $values);
	
		$header = array($r, 'Expect:');

		$twoptions = array(CURLOPT_HTTPHEADER => $header, CURLOPT_HEADER => false, CURLOPT_URL => $requestTokenUrl, CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => '', CURLOPT_SSL_VERIFYPEER => false);

		$ch = curl_init();
		curl_setopt_array($ch, $twoptions);
		$response = curl_exec($ch);
		parse_str($response, $result);
		curl_close($ch);

		$_SESSION['oauth_token'] = $result['oauth_token'];
		$_SESSION['oauth_token_secret'] = $result['oauth_token_secret'];
	}
}