简单的Twitter OAuth授权每次询问凭据 [英] Simple Twitter Oauth authorization asking for credentials every time
问题描述
我正在按照这里的教程做一个简单的基于 Twitter 的登录/注册系统。每次让用户登录时,我都能拿到 oauth_token 和 oauth token secret。然而,即使用户已经登录,他仍会被要求再次登录。我只是想知道该如何检查用户是否已经登录?
我需要把 oauth_token 和 oauth token secret 存到 session 里吗?如果存到 session 里,又该如何验证它们是否仍然有效?
所用的库里有类似这样的代码:
< PHP
在session_start();
类EpiOAuth
{
公版$ ='1.0'; 保护$ requestTokenUrl;
保护$ accessTokenUrl;
保护$ authorizeUrl;
保护$ consumerKey;
保护$ consumerSecret;
保护$令牌;
保护$ tokenSecret;
保护$是SignatureMethod; 公共职能getAccessToken()
{
$ RESP = $这个 - > HTT prequest(GET,$这个 - > accessTokenUrl);
返回新EpiOAuthResponse($ RESP);
} 公共职能getAuthorizationUrl()
{
$ RETVAL ={$这个 - > authorizeUrl}?
$令牌= $这个 - > getRequestToken();
返回$这个 - > authorizeUrl。 '?组oauth_token ='。 $ token->的oauth_token;
} 公共职能getRequestToken()
{
$ RESP = $这个 - > HTT prequest(GET,$这个 - > requestTokenUrl);
返回新EpiOAuthResponse($ RESP);
} 公共职能HTT prequest($方法= NULL,$ URL = NULL,$ PARAMS = NULL)
{
如果(空($法)||空($网址))
返回false; 如果(空($ PARAMS ['oauth_signature']))
$ PARAMS = $这个 - > prepareParameters($方法,$网址,$ params)方法; 开关($法)
{
案GET:
返回$这个 - > HTTPGET($网址,$ params)方法;
打破;
案POST:
返回$这个 - > httpPost($网址,$ params)方法;
打破;
}
} 公共职能setToken($令牌= NULL,$秘密= NULL)
{
$ PARAMS = func_get_args();
$这个 - >令牌= $令牌;
$这个 - > tokenSecret = $秘密;
} 公共职能EN code($字符串)
{
返回rawurlen code(utf8_en code($字符串));
} 保护功能addOAuthHeaders(安培; $ CH,$网址,$ oauthHeaders)
{
$ _H =阵列('期待:');
$ urlParts = parse_url($网址);
$的OAuth ='授权:OAuth的境界='。$ urlParts ['路径'。';
的foreach($ oauthHeaders为$名=> $值)
{
。$的OAuth ={$ name}的= \\{$值} \\,;
}
$ _h [] = SUBSTR($ OAuth的,0,-1); curl_setopt($ CH,CURLOPT_HTTPHEADER,$ _H);
} 保护功能generateNonce()
{
如果(使用isset($这个 - >随机数))//进行单元测试
返回$这个 - >随机数; 返回MD5(uniqid(RAND(),真));
} 保护功能generateSignature($方法= NULL,$ URL = NULL,$ PARAMS = NULL)
{
如果(空($法)||空($网址))
返回false;
//串联
$ concatenatedParams ='';
的foreach($ PARAMS为$ K => $ V)
{
$ V = $这个 - > EN code($ V);
$ concatenatedParams ={$ķ} = {$ V}&安培;。
}
$ concatenatedParams = $这个 - > EN code(SUBSTR($ concatenatedParams 1,0,-1)); // URL规范化
$ normalizedUrl = $这个 - > EN code($这个 - > normalizeUrl($网址));
$方法= $这个 - > EN code($法); //不需要这个,但为什么不呢? $ signatureBaseString ={$方法}&放大器; {$ normalizedUrl}&放大器; {$ concatenatedParams};
返回$这个 - > signString($ signatureBaseString);
} 保护功能HTTPGET($网址,$ PARAMS = NULL)
{
如果(计数($ PARAMS ['要求'])0)
{
。'?'$ URL =;
的foreach($ PARAMS ['要求']为$ K => $ V)
{
。$ URL ={$ķ} = {$ V}&安培;;
}
$ URL = SUBSTR($网址,0,-1);
}
$ CH = curl_init($网址);
$这个 - > addOAuthHeaders($ CH,$网址,$ PARAMS ['OAuth的']);
curl_setopt($ CH,CURLOPT_RETURNTRANSFER,真正的);
$ RESP = $这个 - > curl-> addCurl($ CH); 返回$ RESP;
} 保护功能httpPost($网址,$ PARAMS = NULL)
{
$ CH = curl_init($网址);
$这个 - > addOAuthHeaders($ CH,$网址,$ PARAMS ['OAuth的']);
curl_setopt($ CH,CURLOPT_POST,1);
curl_setopt($ CH,CURLOPT_POSTFIELDS,http_build_query($ PARAMS ['要求']));
curl_setopt($ CH,CURLOPT_RETURNTRANSFER,真正的);
$ RESP = $这个 - > curl-> addCurl($ CH);
返回$ RESP;
} 保护功能normalizeUrl($ URL = NULL)
{
$ urlParts = parse_url($网址);
$计划=用strtolower($ urlParts ['计划']);
$主机=用strtolower($ urlParts ['主机']);
$端口= INTVAL($ urlParts ['口']); $ RETVAL ={$}方案:// {$主机};
如果($端口大于0和放大器;及($方案==='HTTP'和;&安培;!$端口== 80)||($方案==='HTTPS'和;&安培;!$端口= = 443))
{
$ RETVAL =:{$}端口。
}
。$ RETVAL = $ urlParts ['路径'];
如果(!空($ urlParts ['查询']))
{
{$ urlParts ['查询']}$ RETVAL =;
} 返回$ RETVAL;
} 保护功能prepareParameters($方法= NULL,$ URL = NULL,$ PARAMS = NULL)
{
如果(空($法)||空($网址))
返回false; $的OAuth ['oauth_consumer_key'] = $这个 - > consumerKey;
$的OAuth ['组oauth_token'] = $这个 - >令牌;
$的OAuth ['oauth_nonce'] = $这个 - > generateNonce();
!$的OAuth ['oauth_timestamp'] =使用isset($这个 - >时间戳)?时间()函数:$ this->时间戳; //单元测试
$的OAuth ['oauth_signature_method'] = $这个 - >是SignatureMethod;
$的OAuth ['oauth_version'] = $这个 - >版本; //编码
array_walk($ OAuth的,数组($此,恩code'));
如果(is_array($ params)方法)
array_walk($参数,可以阵列($此,恩code'));
$连接codedParams = array_merge($ OAuth的,(阵列)$ params)方法; //排序
ksort($连接codedParams); //签约
$的OAuth ['oauth_signature'] = $这个 - > EN code($这个 - > generateSignature($方法,$网址,$连接codedParams));
返回数组('要求'= GT; $参数,可以'的OAuth'=> $的OAuth);
} 保护功能signString($字符串= NULL)
{
$ RETVAL = FALSE;
开关($这个 - >是SignatureMethod)
{
案HMAC-SHA1:
$键= $这个 - > EN code($这个 - > consumerSecret)。 '和;' 。 $这个 - > EN code($这个 - > tokenSecret);
$ RETVAL = base64_en code(hash_hmac(SHA1',$字符串,$关键,真正的));
打破;
} 返回$ RETVAL;
} 公共职能__construct($ consumerKey,$ consumerSecret,$是SignatureMethod ='HMAC-SHA1)
{
$这个 - > consumerKey = $ consumerKey;
$这个 - > consumerSecret = $ consumerSecret;
$这个 - >是SignatureMethod = $是SignatureMethod;
$这个 - >卷曲= EpiCurl ::的getInstance();
}
}类EpiOAuthResponse
{
私人$ __ RESP; 公共职能__construct($ RESP)
{
$这个 - > __ RESP = $ RESP;
} 公共职能__get($名)
{
如果($这个 - > __ resp-> $ C $℃下200 || $这个 - > __ resp-> code> 299)
返回false; parse_str($这个 - > __ resp->的数据,$结果);
的foreach($结果为$ K => $ V)
{
$这个 - > $ K = $ V;
} 返回$结果[$名称];
}
}
在应用程序的 OAuth 设置中启用"使用 Twitter 登录"(Sign in with Twitter)选项
I am making a simple Twitter-based login/signup system using the tutorial here. I get the oauth_token as well as the oauth token secret every time I get the user to log in. However, even when the user is already logged in, he is being asked to log in again. I just wanted to know how I can check whether the user is already logged in.
Do I need to store the oauth_token and oauth token secret in the session? If I do store them in the session, how do I verify that they are still valid?
The library used has something like this:
<?php
session_start(); // resumes the PHP session; nothing in the code shown below touches $_SESSION, so persisting any login state is left to the caller
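class EpiOAuth
{
    /** Value sent as oauth_version. */
    public $version = '1.0';

    protected $requestTokenUrl;
    protected $accessTokenUrl;
    protected $authorizeUrl;
    protected $consumerKey;
    protected $consumerSecret;
    protected $token;       // request or access token; empty until setToken()
    protected $tokenSecret; // its secret; second half of the HMAC key
    protected $signatureMethod;

    // Declared up front instead of being created on the fly (dynamic properties are
    // deprecated since PHP 8.2). They stay public because the original code created
    // them as public dynamic properties and tests may assign $nonce / $timestamp.
    public $curl;      // EpiCurl instance, assigned in the constructor
    public $nonce;     // when set, used instead of a fresh nonce (for unit tests)
    public $timestamp; // when set, used instead of time() (for unit tests)

    /**
     * @param string $consumerKey
     * @param string $consumerSecret
     * @param string $signatureMethod only 'HMAC-SHA1' is implemented by signString()
     */
    public function __construct($consumerKey, $consumerSecret, $signatureMethod = 'HMAC-SHA1')
    {
        $this->consumerKey = $consumerKey;
        $this->consumerSecret = $consumerSecret;
        $this->signatureMethod = $signatureMethod;
        $this->curl = EpiCurl::getInstance();
    }

    /**
     * Exchanges the current token for an access token. The request is signed with
     * $this->token / $this->tokenSecret, so setToken() must have been called with the
     * authorized request token first.
     *
     * @return EpiOAuthResponse
     */
    public function getAccessToken()
    {
        $resp = $this->httpRequest('GET', $this->accessTokenUrl);
        return new EpiOAuthResponse($resp);
    }

    /**
     * Fetches a fresh request token and returns the URL the user must visit.
     * Every call obtains a new request token.
     *
     * @return string
     */
    public function getAuthorizationUrl()
    {
        $token = $this->getRequestToken();
        return $this->authorizeUrl . '?oauth_token=' . $token->oauth_token;
    }

    /**
     * @return EpiOAuthResponse
     */
    public function getRequestToken()
    {
        $resp = $this->httpRequest('GET', $this->requestTokenUrl);
        return new EpiOAuthResponse($resp);
    }

    /**
     * Signs the request (unless it already carries an oauth_signature) and sends it.
     *
     * @param string     $method 'GET' or 'POST'
     * @param string     $url
     * @param array|null $params request parameters, or the array built by prepareParameters()
     * @return mixed whatever EpiCurl::addCurl() returns; false when method/url are missing
     *               or the method is not supported
     */
    public function httpRequest($method = null, $url = null, $params = null)
    {
        if (empty($method) || empty($url)) {
            return false;
        }
        if (empty($params['oauth_signature'])) {
            $params = $this->prepareParameters($method, $url, $params);
        }
        switch ($method) {
            case 'GET':
                return $this->httpGet($url, $params);
            case 'POST':
                return $this->httpPost($url, $params);
        }
        // Unsupported HTTP method: report failure the same way the guards above do.
        return false;
    }

    /**
     * Stores the token pair used for signing subsequent requests.
     *
     * @param string|null $token
     * @param string|null $secret
     */
    public function setToken($token = null, $secret = null)
    {
        $this->token = $token;
        $this->tokenSecret = $secret;
    }

    /**
     * Percent-encodes a value as OAuth 1.0 requires (rawurlencode: space -> %20).
     * NOTE(review): utf8_encode() assumes ISO-8859-1 input and is deprecated since
     * PHP 8.2; input that is already UTF-8 would be double-encoded. Kept for behavioural
     * compatibility.
     *
     * @param string $string
     * @return string
     */
    public function encode($string)
    {
        return rawurlencode(utf8_encode((string)$string));
    }

    /**
     * Puts the oauth_* parameters into an "Authorization: OAuth ..." header on the curl handle.
     *
     * @param resource|\CurlHandle $ch
     * @param string               $url    only its path is used, as the realm
     * @param array                $oauthHeaders name => value pairs, written verbatim
     */
    protected function addOAuthHeaders(&$ch, $url, $oauthHeaders)
    {
        $headers = array('Expect:'); // empty Expect header, presumably to stop curl's "100-continue" handshake
        $urlParts = parse_url($url);
        $path = isset($urlParts['path']) ? $urlParts['path'] : '';
        $oauth = 'Authorization: OAuth realm="' . $path . '",';
        foreach ((array)$oauthHeaders as $name => $value) {
            $oauth .= "{$name}=\"{$value}\",";
        }
        $headers[] = substr($oauth, 0, -1); // drop the trailing comma
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    }

    /**
     * Per-request nonce. OAuth needs it to be unique per timestamp, not secret.
     *
     * @return string
     */
    protected function generateNonce()
    {
        if (isset($this->nonce)) { // for unit testing
            return $this->nonce;
        }
        return md5(uniqid(rand(), true));
    }

    /**
     * Builds the OAuth signature base string (METHOD&url&params) and signs it.
     * Each parameter value is percent-encoded, joined as k=v&..., and the whole
     * parameter string is encoded once more, as the spec requires.
     *
     * @param string     $method
     * @param string     $url
     * @param array|null $params already sorted by key (see prepareParameters())
     * @return string|false
     */
    protected function generateSignature($method = null, $url = null, $params = null)
    {
        if (empty($method) || empty($url)) {
            return false;
        }
        $pairs = array();
        foreach ((array)$params as $k => $v) {
            $pairs[] = "{$k}=" . $this->encode($v);
        }
        $concatenatedParams = $this->encode(implode('&', $pairs));
        $normalizedUrl = $this->encode($this->normalizeUrl($url));
        $method = $this->encode($method); // a no-op for GET/POST, kept for spec conformance
        $signatureBaseString = "{$method}&{$normalizedUrl}&{$concatenatedParams}";
        return $this->signString($signatureBaseString);
    }

    /**
     * Sends a signed GET. Request parameters are appended to the URL exactly as given.
     * NOTE(review): values are not percent-encoded here while the signature was computed
     * over encoded values, so callers must pass values that need no encoding.
     *
     * @param string     $url
     * @param array|null $params array with 'request' and 'oauth' keys from prepareParameters()
     * @return mixed result of EpiCurl::addCurl()
     */
    protected function httpGet($url, $params = null)
    {
        if (!empty($params['request']) && is_array($params['request'])) {
            $pairs = array();
            foreach ($params['request'] as $k => $v) {
                $pairs[] = "{$k}={$v}";
            }
            $url .= '?' . implode('&', $pairs);
        }
        $ch = curl_init($url);
        $this->addOAuthHeaders($ch, $url, $params['oauth']);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        return $this->curl->addCurl($ch);
    }

    /**
     * Sends a signed POST with the request parameters as a form body.
     *
     * @param string     $url
     * @param array|null $params array with 'request' and 'oauth' keys from prepareParameters()
     * @return mixed result of EpiCurl::addCurl()
     */
    protected function httpPost($url, $params = null)
    {
        $ch = curl_init($url);
        $this->addOAuthHeaders($ch, $url, $params['oauth']);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query((array)$params['request']));
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        return $this->curl->addCurl($ch);
    }

    /**
     * Canonical URL for the signature base string: lower-case scheme and host,
     * default ports dropped, path and query kept as-is.
     *
     * @param string|null $url
     * @return string
     */
    protected function normalizeUrl($url = null)
    {
        $urlParts = parse_url($url);
        $scheme = strtolower($urlParts['scheme']);
        $host = strtolower($urlParts['host']);
        $port = isset($urlParts['port']) ? intval($urlParts['port']) : 0;
        $retval = "{$scheme}://{$host}";
        // Keep an explicit port only when it is not the scheme's default. The original
        // condition mixed && and || without parentheses, so an https URL with no explicit
        // port was normalized to "host:0" and therefore signed incorrectly.
        $isDefaultPort = ($scheme === 'http' && $port === 80) || ($scheme === 'https' && $port === 443);
        if ($port > 0 && !$isDefaultPort) {
            $retval .= ":{$port}";
        }
        if (isset($urlParts['path'])) {
            $retval .= $urlParts['path'];
        }
        if (!empty($urlParts['query'])) {
            $retval .= "?{$urlParts['query']}";
        }
        return $retval;
    }

    /**
     * Assembles the oauth_* parameters, computes the signature over the union of
     * oauth_* and request parameters (sorted by key), and returns both groups.
     *
     * generateSignature() percent-encodes every value itself, so the values are passed
     * raw here: the original array_walk(..., 'encode') calls discarded encode()'s return
     * value and changed nothing, and actually encoding here would double-encode.
     * NOTE(review): the non-signature oauth_* header values are therefore sent without
     * percent-encoding; harmless for alphanumeric keys/tokens, wrong if a value ever
     * contains reserved characters.
     *
     * @param string     $method
     * @param string     $url
     * @param array|null $params request parameters
     * @return array|false array('request' => $params, 'oauth' => array(...)), false when method/url are missing
     */
    protected function prepareParameters($method = null, $url = null, $params = null)
    {
        if (empty($method) || empty($url)) {
            return false;
        }
        $oauth = array(
            'oauth_consumer_key'     => $this->consumerKey,
            'oauth_token'            => $this->token,
            'oauth_nonce'            => $this->generateNonce(),
            'oauth_timestamp'        => isset($this->timestamp) ? $this->timestamp : time(), // overridable for unit tests
            'oauth_signature_method' => $this->signatureMethod,
            'oauth_version'          => $this->version,
        );
        $signedParams = array_merge($oauth, (array)$params);
        ksort($signedParams);
        $oauth['oauth_signature'] = $this->encode($this->generateSignature($method, $url, $signedParams));
        return array('request' => $params, 'oauth' => $oauth);
    }

    /**
     * Signs the base string. Only HMAC-SHA1 is implemented; the key is
     * encode(consumerSecret) . '&' . encode(tokenSecret) as the OAuth spec defines.
     *
     * @param string|null $string
     * @return string|false base64 signature, or false for an unknown signature method
     */
    protected function signString($string = null)
    {
        $retval = false;
        switch ($this->signatureMethod) {
            case 'HMAC-SHA1':
                $key = $this->encode($this->consumerSecret) . '&' . $this->encode($this->tokenSecret);
                $retval = base64_encode(hash_hmac('sha1', $string, $key, true));
                break;
        }
        return $retval;
    }
}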
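// On PHP 8.2+ this silences the deprecation for the dynamic properties __get() creates;
// on older versions the line is simply a comment.
#[\AllowDynamicProperties]
class EpiOAuthResponse
{
    /** Raw response object; expected to expose ->code (HTTP status) and ->data (body). */
    private $__resp;

    /**
     * @param object $resp response as returned by EpiCurl (assumed to carry code/data)
     */
    public function __construct($resp)
    {
        $this->__resp = $resp;
    }

    /**
     * Lazily parses the form-encoded body (e.g. oauth_token=...&oauth_token_secret=...)
     * and exposes each field as a property.
     *
     * @param string $name
     * @return mixed the field value; null when the body has no such field;
     *               false when the HTTP status is not 2xx
     */
    public function __get($name)
    {
        // A non-2xx status means the body is an error, not a token response.
        if ($this->__resp->code < 200 || $this->__resp->code > 299) {
            return false;
        }
        parse_str($this->__resp->data, $result);
        // Cache every field as a public property so later reads bypass __get().
        foreach ($result as $k => $v) {
            $this->$k = $v;
        }
        // The original indexed $result[$name] unconditionally, which raised an
        // undefined-index warning for fields the body does not contain.
        return isset($result[$name]) ? $result[$name] : null;
    }
}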
Enable option "Sign in with Twitter" for application OAuth Settings