在PHP上的Flickr API中获取错误的签名

时间:2012-01-06 05:15:03

标签: php oauth flickr

我在为flickr api生成oauth_signature时遇到了一些问题。你能不能看看这个并告诉我我做错了什么? // p.s.我正在分享我的Flickr密钥和秘密,因为我将在开始生产开发时更改它们。

代码

/* PHP code */
$NONCE=base64_decode(rand());    
$TIMESTAMP= gmdate('U');

$SECRET="39b4f5fd592ede81";    
$KEY="1bab082052d7cf8b3aa9e2bc92882ac0";

$CONSUMER_SECRET= $SECRET. "&";

$url_1 = "http://www.flickr.com/services/oauth/request_token?";    
$url_1 = urlencode($url_1);

$url_2 = "oauth_callback=http%3A%2F%2Flocalhost%2FFlickr%2Flogin.php&oauth_consumer_key=". $KEY;    
$url_2 .="&oauth_nonce=". $NONCE. "&oauth_signature_method=HMAC-SHA1&oauth_timestamp=". $TIMESTAMP. "&oauth_version=1.0";

// generate signature
$BASE_STRING ="";
$BASE_STRING .= "GET&". urlencode($url_1). urlencode($url_2);
$API_SIG= base64_encode(hash_hmac("sha1",$BASE_STRING,$CONSUMER_SECRET, true) );

// url generate
$url="http://www.flickr.com/services/oauth/request_token?oauth_callback=http://localhost/Flickr/login.php&oauth_consumer_key=". $KEY;
$url.="&oauth_nonce=". $NONCE. "&oauth_timestamp=". $TIMESTAMP. "&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=". $API_SIG;

// calling
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_REFERER, "http://www.example.org/yay.htm");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla Firefox/3.0");  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$data= curl_exec($ch);
echo $data;

curl_close($ch);

2 个答案:

答案 0 :(得分:1)

这对我有用,希望它可以帮助别人... 

<?php

$consumerKey = 'your_Flickr_key';
$consumerSecret = 'your_Flickr_secret';

$requestTokenUrl = "https://www.flickr.com/services/oauth/request_token"; 
$oauthTimestamp = time();
$nonce = md5(mt_rand()); 
$oauthSignatureMethod = "HMAC-SHA1"; 
$oauthVersion = "1.0";


$sigBase = "GET&" . rawurlencode($requestTokenUrl) . "&"
    . rawurlencode("oauth_consumer_key=" . rawurlencode($consumerKey)
    . "&oauth_nonce=" . rawurlencode($nonce)
    . "&oauth_signature_method=" . rawurlencode($oauthSignatureMethod)
    . "&oauth_timestamp=" . $oauthTimestamp
    . "&oauth_version=" . $oauthVersion);


$sigKey = $consumerSecret . "&"; 
$oauthSig = base64_encode(hash_hmac("sha1", $sigBase, $sigKey, true));

$requestUrl = $requestTokenUrl . "?"
    . "oauth_consumer_key=" . rawurlencode($consumerKey)
    . "&oauth_nonce=" . rawurlencode($nonce)
    . "&oauth_signature_method=" . rawurlencode($oauthSignatureMethod)
    . "&oauth_timestamp=" . rawurlencode($oauthTimestamp)
    . "&oauth_version=" . rawurlencode($oauthVersion)
    . "&oauth_signature=" . rawurlencode($oauthSig); 

$response = file_get_contents($requestUrl);

var_export($response);

答案 1 :(得分:0)

我正在回答我自己的问题。感谢Sam Judson:http://www.wackylabs.net

我从生成随机数中删除了base64_decode(),它确实有效。

相关问题
最新问题