I honestly spent several crazy hours trying to solve this issue, but I surrender. My script properly requests token for the 1st time, redirects user to authorization page and then I always get “Failed to validate oauth signature and token”, no matter what I do. I beg you, please, look at my script and tell me, where I’m wrong. I seriously hate this already and dunno, what to do.
if ($_GET['network'] == "twitter")
{
$requestTokenUrl = "http://api.twitter.com/oauth/request_token";
$consumerSecret = $params->def('twsecret');
$consumerKey = $params->def('twappid');
//unset($_SESSION['oauth_token']);exit;
if ($_SESSION['oauth_token'] && !$_GET['oauth_verifier'])
{
header("Location: http://api.twitter.com/oauth/authorize?oauth_token=".$_SESSION['oauth_token']);
}
elseif ($_GET['oauth_verifier'])
{
$oauthTimestamp = time();
$nonce = md5(mt_rand());
$oauth = array( 'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => $nonce,
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => $oauthTimestamp,
'oauth_token' => $_SESSION['oauth_token'],
'oauth_verifier' => $_GET['oauth_verifier'],
'oauth_version' => '1.0');
$r = array();
uksort($oauth, 'strcmp');
foreach($oauth as $key=>$value)
{
$r[] = $key."=".rawurlencode($value);
}
$oauth_signature = "POST&".rawurlencode($requestTokenUrl).'&'.rawurlencode(implode('&', $r));
$compositeKey = rawurlencode($consumerSecret).'&'.rawurlencode($_SESSION['oauth_token_secret']);
$oauthSig = rawurlencode(base64_encode(hash_hmac('sha1', $oauth_signature, $compositeKey, true)));
$oauth['oauth_signature'] = $oauthSig;
unset($oauth['oauth_verifier']);
$r = 'Authorization: OAuth ';
$values = array();
uksort($oauth, 'strcmp');
foreach($oauth as $key=>$value)
{
if ($key != 'oauth_verifier')
{
$values[] = $key.'="'.rawurlencode($value).'"';
}
}
$r .= implode(', ', $values);
$header = array($r, 'Content-Type: application/x-www-form-urlencoded', 'Host: api.twitter.com');
$twoptions = array(CURLOPT_HTTPHEADER => $header, CURLOPT_HEADER => false, CURLOPT_URL => $requestTokenUrl, CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => 'oauth_verifier='.$_GET['oauth_verifier'], CURLOPT_SSL_VERIFYPEER => false);
$ch = curl_init();
curl_setopt_array($ch, $twoptions);
$result = curl_exec($ch);
curl_close($ch);
}
else
{
$oauthTimestamp = time();
$nonce = md5(mt_rand());
$oauth = array( 'oauth_callback' => $redirect,
'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => $nonce,
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => $oauthTimestamp,
'oauth_version' => '1.0');
$r = array();
uksort($oauth, 'strcmp');
foreach($oauth as $key=>$value)
{
$r[] = $key."=".rawurlencode($value);
}
$oauth_signature = "POST&".rawurlencode($requestTokenUrl).'&'.rawurlencode(implode('&', $r));
$compositeKey = rawurlencode($consumerSecret).'&';
$oauthSig = base64_encode(hash_hmac('sha1', $oauth_signature, $compositeKey, true));
$oauth['oauth_signature'] = $oauthSig;
$r = 'Authorization: OAuth ';
$values = array();
uksort($oauth, 'strcmp');
foreach($oauth as $key=>$value)
{
$values[] = $key.'="'.rawurlencode($value).'"';
}
$r .= implode(', ', $values);
$header = array($r, 'Expect:');
$twoptions = array(CURLOPT_HTTPHEADER => $header, CURLOPT_HEADER => false, CURLOPT_URL => $requestTokenUrl, CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => '', CURLOPT_SSL_VERIFYPEER => false);
$ch = curl_init();
curl_setopt_array($ch, $twoptions);
$response = curl_exec($ch);
parse_str($response, $result);
curl_close($ch);
$_SESSION['oauth_token'] = $result['oauth_token'];
$_SESSION['oauth_token_secret'] = $result['oauth_token_secret'];
}
}
