Posts Tagged php
Playing with OAuth and twitteroauth
As some of you might know, on August 16th 2010 (it was June 30th at first, but they moved it because of the World cup), Twitter will be shutting down its basic authorization in favor of OAuth. Well Facebook also announced that they would be soon using OAuth. Google and Yahoo! use it too. Looks like it is a good time to learn it.
OAuth, contrary to what some might say is not that easy of a process. It involves a couple more steps than basic authorization. But what it gains from that is trust. The user never has to enter its username and password on your site. My problem with it is that I find that it breaks the user experience because it usually redirects the user’s browser to the website of which you want to use the API, so that the user can input its credentials and that they can allow your application to use data from the API. If you are not familiar with OAuth, here is a great beginner’s guide.
Here is a picture of all the steps involved in the process:
Now what I wanted to write about was the twitteroauth library for PHP by @abraham. I tried to try the other OAuth PHP library that is listed in the Twitter documentation but I couldn’t figure out anything; they talk about Two-Legged OAuth and Three-Legged OAuth, but I have never seen that anywhere. twitteroauth on the other hand is pretty simple to understand. By reading the documentation and starting with the example provided in the source code, I was able to implement what I wanted.
Now I wasn’t the one who created the application on Twitter (which you have to do before you get started with code), so there was a couple of settings that weren’t right at first. You can set if you want your application to be Read-only or Read & Write. Obviously if you want to send Tweets using your application, you will need it to be set to Read & Write. Also in order to use this library you must set your application as a Browser application (as opposed to Client which will not work). I just thought it would be good to list those here so that others (and I) don’t spend the half hour I lost trying to figure this out.
Here is another really interesting tidbit: once you create an authorization token, Twitter will never destroy it. This is not the same for all APIs (I know Yahoo! will expire the token after some time). So once you lead the user through all of the OAuth steps, you can keep the token and use it forever so that the user don’t have to go through the steps again, which is very useful for mobile and desktop apps. It also opens up possibilities for other stuff too, which I will show you eventually, if my current project ever finishes.
Well that is is for now, there will be more on OAuth soon as my next project also connect to another API that uses OAuth.
How to connect to Google Analytics Data API in Flash
Posted by zedia.net in ActionScript 3 on June 5th, 2009
In one of my previous post, I explained how to connect to Google Analytics Data API in AIR. The problem with that way of connecting was that it only worked in AIR. In Flash it works locally, but as soon as you put in on your web server it stops working. Not it is cool to build an AIR (desktop) application that pulls data from Google Analytics, but it would also be cool to build a web application that does the same thing. Well I found out how to do just that. It is a bit more complicated because it involves a bit of server side coding, in this case PHP.
How the process works is that first you login to Google Analytics, Google will then send you a token that you must use when asking for data. So we will have two simple PHP files; one to login in and one to ask for data.
The first one looks like this:
<?php //this file is called get_token.php $user = $_REQUEST[user]; $pass = $_REQUEST[pass] require_once 'curl.php'; $curl = new Curl; $response = $curl->post('https://www.google.com/accounts/ClientLogin', array(accountType => "GOOGLE", Email =>$user, Passwd => $pass, service => "analytics", source => "zedia-GAStats-0" )); $tempArray = explode("Auth=", $response); ?> <root> <token><?php echo ($tempArray[1] ); ?></token> </root>
The second one looks like this:
<?php //this file is called call_ga.php require_once 'curl.php'; $url = $_REQUEST["url"]; $token = $_REQUEST["token"]; $curl2 = curl_init(); curl_setopt($curl2, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($curl2, CURLOPT_HEADER, "0"); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl2, CURLOPT_URL, $url); curl_setopt($curl2, CURLOPT_HTTPHEADER, array('Authorization: GoogleLogin auth=' . $token)); $response2 = curl_exec($curl2); echo ($response2); ?>
As you can see to make my calls to Google I am using the cURL library that is usually already installed on your server if you have PHP. Also for the get_token.php I am also using the Curl class, made by Sean Huber, that just makes it easier to work with cURL. Upload these files to your server. Now that we have the server side figured out, we can move on to the Flash part; here it is:
package { import flash.display.Sprite; import flash.events.Event; import flash.net.URLLoader; import flash.net.URLRequest; import flash.net.URLVariables; import flash.text.TextField; public class Main extends Sprite { private var loader:URLLoader; private var _loader2:URLLoader; private var _textField:TextField; private var _token:String; private var _buffer:String = ""; public function Main():void { loader = new URLLoader(); loader.addEventListener(Event.COMPLETE, _onTokenLoaded, false, 0, true); //this call will load the token loader.load(new URLRequest("http://www.YOUR_URL_WHERE_THE_PHP_RESIDE.net/get_token.php?user=YOUR_USERNAME&pass=YOUR_PASSWORD")); _textField = new TextField(); _textField.height = 300; _textField.width = 300; _textField.multiline = true; _textField.wordWrap = true; addChild(_textField); } private function _onTokenLoaded(event:Event):void { var tempString:String = String(loader.data); tempString = tempString.substring(1, tempString.length); var tempXML:XML = XML(tempString); _token = tempXML.token; _textField.text = _token; _loader2 = new URLLoader(); _loader2.addEventListener(Event.COMPLETE, _onFeedLoaded, false, 0, true); var request:URLRequest = new URLRequest("http://www.YOUR_URL_WHERE_THE_PHP_RESIDE.net/call_ga.php"); var urlVar:URLVariables = new URLVariables(); urlVar.token = _token; urlVar.url = "https://www.google.com/analytics/feeds/accounts/default"; request.data = urlVar; _loader2.load(request); } private function _onFeedLoaded(event:Event):void { _textField.text = String (_loader2.data); } } }
What you basically do is that you use your server to do all the communication between the Flash and Google. Everytime you will want a different feed to get different data you will call the call_ga.php file. It is that simple. If you have any question on this feel free to ask them in the comments.
as3Crypto and php, what a fun ride!
Posted by zedia.net in ActionScript 3 on March 30th, 2009
Actually not so fun, but I did manage (I should say we because I wasn’t alone in this). Cryptography is not my thing, eh, not everything can be your thing so I accept it. There is just too much to learn: hash functions, public keys, symmetric ciphers, etc. Want we wanted to do was to encrypt data on the As3 side and decrypt it on the php side. I was aware that there was some cryptographic algorythms in the as3corelib, but none of them (MD5, SHA-1) fitted our needs. There is another great cryptography library out there and it is as3Crypto; the problem is that it is a bit hard to get around, there is a lot to choose from. We settled on AES (Advanced Encryption Standard). After 2 hours of trying to get it to work, we found this great post on Google groups (about middle of the page). I am copying the content here to make it easier for people to find. I have to give all the credit for this post to Jason Foglia who posted his code.
Here is the As3 Class:
package { import flash.display.Sprite; import flash.utils.ByteArray; import com.hurlant.crypto.symmetric.ICipher; import com.hurlant.crypto.symmetric.IVMode; import com.hurlant.crypto.symmetric.IMode; import com.hurlant.crypto.symmetric.NullPad; import com.hurlant.crypto.symmetric.PKCS5; import com.hurlant.crypto.symmetric.IPad; import com.hurlant.util.Base64; import com.hurlant.util.Hex; import com.hurlant.crypto.Crypto; public class CryptoCode extends Sprite { private var type:String='simple-des-ecb'; private var key:ByteArray; public function CryptoCode() { init(); } private function init():void { key = Hex.toArray(Hex.fromString('TESTTEST'));// can only be 8 characters long trace(encrypt('TEST TEST')); trace(decrypt(encrypt('TEST TEST')); } private function encrypt(txt:String = ''):String { var data:ByteArray = Hex.toArray(Hex.fromString(txt)); var pad:IPad = new PKCS5; var mode:ICipher = Crypto.getCipher(type, key, pad); pad.setBlockSize(mode.getBlockSize()); mode.encrypt(data); return Base64.encodeByteArray(data); } private function decrypt(txt:String = ''):String { var data:ByteArray = Base64.decodeToByteArray(txt); var pad:IPad = new PKCS5; var mode:ICipher = Crypto.getCipher(type, key, pad); pad.setBlockSize(mode.getBlockSize()); mode.decrypt(data); return Hex.toString(Hex.fromArray(data)); } } }
Here is the php class:
<? class Crypt { var $key = NULL; var $iv = NULL; var $iv_size = NULL; function Crypt() { $this->init(); } function init($key = "") { $this->key = ($key != "") ? $key : ""; $this->algorithm = MCRYPT_DES; $this->mode = MCRYPT_MODE_ECB; $this->iv_size = mcrypt_get_iv_size($this->algorithm, $this->mode); $this->iv = mcrypt_create_iv($this->iv_size, MCRYPT_RAND); } function encrypt($data) { $size = mcrypt_get_block_size($this->algorithm, $this->mode); $data = $this->pkcs5_pad($data, $size); return base64_encode(mcrypt_encrypt($this->algorithm, $this->key, $data, $this->mode, $this->iv)); } function decrypt($data) { return $this->pkcs5_unpad(rtrim(mcrypt_decrypt($this->algorithm, $this->key, base64_decode($data), $this->mode, $this->iv))); } function pkcs5_pad($text, $blocksize) { $pad = $blocksize - (strlen($text) % $blocksize); return $text . str_repeat(chr($pad), $pad); } function pkcs5_unpad($text) { $pad = ord($text{strlen($text)-1}); if ($pad > strlen($text)) return false; if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; return substr($text, 0, -1 * $pad); } } ?>
Now if you use the encrypt method of one you can send the data to the other one and decrypt it in the other language if you use the same key. Works like a charm. There is a mention that the key can only be 8 characters long but I haven’t tested it out.
