Just to be clear - this is example code I’m using to try and get the signature from here: https://dev.twitter.com/docs/auth/implementing-sign-twitter
public function testSignature(){
// testing bit
$oauth = array(
'oauth_consumer_key'=>'cChZNFj6T5R0TigYB9yd1w',
'oauth_nonce'=>'a9900fe68e2573b27a37f10fbad6a755',
'oauth_signature_method'=>'HMAC-SHA1',
'oauth_timestamp'=>'1318467427',
'oauth_token'=>'NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0',
'oauth_version'=>'1.0'
);
$this->o_secret = 'veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI';
$this->c_secret = 'L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg';
ksort($oauth);
$string = rawurlencode(http_build_query($oauth));
$new_string = strtoupper($http_method).'&'.rawurlencode($main_url[0]).'&'.$string;
// The request_token request doesn't need a o_secret because it doesn't have one!
$sign_key = $this->c_secret.'&'.$this->o_secret;
echo 'Should be: 39cipBtIOHEEnybAR4sATQTpl2I%3D<br>';
echo 'We get: '.urlencode(base64_encode(hash_hmac('sha1',$new_string,$sign_key,true)));
exit;
}
