Re: [twitter-dev] Storing OAuth Tokens in MySQL Database

1,351 views
Skip to first unread message

Abraham Williams

unread,
Jun 22, 2009, 10:43:02 AM6/22/09
to twitter-deve...@googlegroups.com
The only token you need to store is the access token.

Oh and you should probably reset your consume keys now that they are
publicly known by everyone on this list.

On Mon, Jun 22, 2009 at 01:18, DevinPitcher<devinp...@gmail.com> wrote:
>
> <?php session_start();
> include("../../../settings/mysql.php");
> require_once('twitterOAuth.php');
>
> mysql_connect("$mysql_host", "$mysql_username", "$mysql_password") or
> die("ERROR: Could not connect to MySQL.");
> mysql_select_db("$mysql_database") or die("ERROR: Could not connect to
> selected MySQL database.");
> $sql="SELECT * FROM cirrus_members WHERE member_id='$_SESSION
> [cirrus_member_id]'";
> $result=mysql_query($sql);
> $rows=mysql_fetch_array($result);
>
> $consumer_key = 'D6IpkcZ5RAXgVYpyLOuw';
> $consumer_secret = 'B0NqK3CiNHAaDzseK5YQ6BKE9KrWPb4YGgDIoRVhEnQ';
> $content = NULL;
>
> /* Set state if previous session */
> $state = $_SESSION['oauth_state'];
> /* Checks if oauth_token is set from returning from twitter */
> $session_token = $_SESSION['oauth_request_token'];
> /* Checks if oauth_token is set from returning from twitter */
> $oauth_token = $_REQUEST['oauth_token'];
> /* Set section var */
> $section = $_REQUEST['section'];
>
> if ($_REQUEST['access'] === 'revoke') {
>  session_destroy();
>  session_start();
>  header("location:index.php");
> }
>
> /* If oauth_token is missing get it */
> if ($_REQUEST['oauth_token'] != NULL && $_SESSION['oauth_state'] ===
> 'start') {
>  $_SESSION['oauth_state'] = $state = 'returned';
> }
>
> /*
>  * 'default': Get a request token from twitter for new user
>  * 'returned': The user has authorize the app on twitter
>  */
> switch ($state) {
>  default:
>    /* Create TwitterOAuth object with app key/secret */
>    $to = new TwitterOAuth($consumer_key, $consumer_secret);
>    /* Request tokens from twitter */
>    $tok = $to->getRequestToken();
>
>    /* Save tokens for later */
>    $_SESSION['oauth_request_token'] = $token = $tok['oauth_token'];
>    $_SESSION['oauth_request_token_secret'] = $tok
> ['oauth_token_secret'];
>    $_SESSION['oauth_state'] = "start";
>
>    /* Build the authorization URL */
>    $request_link = $to->getAuthorizeURL($token);
>
>    /* Build link that gets user to twitter to authorize the app */
>        $content .= '<a href="'.$request_link.'">Authenticate on Twitter.com</
> a> to access this application.';
>    break;
>
>  case 'returned':
>    /* If the access tokens are already set skip to the API call */
>    if ($_SESSION['oauth_access_token'] === NULL && $_SESSION
> ['oauth_access_token_secret'] === NULL) {
>      /* Create TwitterOAuth object with app key/secret and token key/
> secret from default phase */
>      $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION
> ['oauth_request_token'], $_SESSION['oauth_request_token_secret']);
>      /* Request access tokens from twitter */
>      $tok = $to->getAccessToken();
>
>      /* Save the access tokens. Normally these would be saved in a
> database for future use. */
>      $_SESSION['oauth_access_token'] = $tok['oauth_token'];
>      $_SESSION['oauth_access_token_secret'] = $tok
> ['oauth_token_secret'];
>    }
>
>    /* Create TwitterOAuth with app key/secret and user access key/
> secret */
>    $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION
> ['oauth_access_token'], $_SESSION['oauth_access_token_secret']);
>    /* Run request on twitter API as user. */
>    if ($_GET['action'] == "getinfo") { $content = $to->OAuthRequest
> ('https://twitter.com/account/verify_credentials.xml', array(),
> 'GET'); }
>    if ($_GET['action'] == "update") { $content = $to->OAuthRequest
> ('https://twitter.com/statuses/update.xml', array('status' => $_POST
> ['status']), 'POST'); }
>    if ($_GET['action'] == "getreplies") { $content = $to->OAuthRequest
> ('https://twitter.com/statuses/replies.xml', array(), 'GET'); }
>        if ($_GET['action'] == "") { $content = $to->OAuthRequest('https://
> twitter.com/statuses/friends_timeline.xml?count=5', array(), 'GET');
> $showTweetBox = "true"; }
>    break;
> }
> ?>
>
> OK, so I have all of the code I need ready, but how can I store all of
> these tokens into a MySQL database for each user?
> I set up rows for each (oauth_state, oauth_token, oauth_token_secret,
> oauth_request_token, oauth_request_token_secret, oauth_access_token,
> and oauth_access_token_secret) so I can store any of them.
> I don't know which ones to store. Any ideas?
>

--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.

beckerbao29

unread,
Jun 23, 2009, 6:16:30 AM6/23/09
to Twitter Development Talk
You can store $tok['oauth_token'] & $tok
['oauth_token_secret'] when the state=="return".

Both of this represent like username and password

beckerbao29

unread,
Jun 23, 2009, 6:16:11 AM6/23/09
to Twitter Development Talk
Reply all
Reply to author
Forward
Message has been deleted
0 new messages