Tom Reitz » microblogging http://www.tom-reitz.com Tech Talk, Catholic Commentary, and American Activism Tue, 07 Dec 2010 09:42:48 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Twitter from PHP http://www.tom-reitz.com/2009/06/16/twitter-from-php/ http://www.tom-reitz.com/2009/06/16/twitter-from-php/#comments Tue, 16 Jun 2009 17:52:02 +0000 admin http://www.tom-reitz.com/?p=143 A few months ago I broke down and joined Twitter. Pretty much the only reason is that I wanted to learn how to integrate Twitter into PHP web applications. Here’s what I found:

Twitter has a URL http://www.twitter.com/statuses/update.xml where you can POST a twitter update. The following HTML form will update your twitter status after asking you for your username and password:

<form action="http://twitter.com/statuses/update.xml" method="POST">
	<input type="text" name="status" />
	<input type="submit" value=""Tweet!" />
</form>

This is cool, but it would be nice to circumvent the password protection in a web application where you probably already have a user logged in and validated? Fortunately this is possible using HTTP headers: (please make sure you read my SECURITY NOTE below)

<form action='twitter.php' method='post'>
	<input type='text' name='status' />
	<input type='submit' value='tweet' />
</form>
<?php
	if($_POST['status']!="") {

		$data = "status=".stripslashes($_POST['status']);
		$fp = fsockopen("www.twitter.com", 80);
		$user = "twitter_username";
		$pass = "twitter_password";

		fputs($fp, "POST /statuses/update.xml HTTP/1.1\r\n");
		fputs($fp, "Host: www.twitter.com\r\n");
		fputs($fp, "Referer: None\r\n");
		fputs($fp, "Authorization: Basic ".
			base64_encode($user.":".$pass)."\r\n");
		fputs($fp, "Content-type: ".
			"application/x-www-form-urlencoded\r\n");
		fputs($fp, "Content-length: ". strlen($data) ."\r\n");
		fputs($fp, "Connection: close\r\n\r\n");
		fputs($fp, $data);

		while(!feof($fp))$str .= fgets($fp, 128);
		if(!strstr(" OK ",$str))
			echo "There was a problem posting your twitter update.";
		else echo "twitter update posted successfully!";
	}
?>

SECURITY NOTE:

Please notice that the code above sends the username and password hash unencrypted over a plaintext HTTP pipe. The password hash is thus vulnerable to rainbow table attacks.

A better solution uses HTTPS with cURL. This way, the username & password hash info don’t have to be sent plaintext:

<form action='twitter.php' method='post'>
	<input type='text' name='status' /> <input type='submit' value='tweet' />
</form>
<?php
	if($_POST['status']!="") {
		$url = "https://twitter.com/statuses/update.xml";
		$user = "twitter_username";
		$pass = "twitter_password";

		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_POST, true);
		curl_setopt($ch, CURLOPT_HEADER, true);
		curl_setopt($ch, CURLOPT_USERPWD, $user.":".$pass);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
		curl_setopt($ch, CURLOPT_POSTFIELDS,
			"status=".stripslashes($_POST['status']));

		ob_start();
		curl_exec($ch);
		$str = ob_get_contents();
		ob_end_clean();
		curl_close($ch);

		if($str=="" || strstr($str,"<error>"))
			echo "There was a problem posting your twitter update.";
		else echo "twitter update posted successfully!";
	}
?>

Since I’ve started using twitter I’ve found that it’s very useful for companies and organizations that want to get messages out to lots of people quickly. You can even get twitter updates by phone using SMS!

Happy tweeting!

Share/Bookmark]]> http://www.tom-reitz.com/2009/06/16/twitter-from-php/feed/ 1