/** * Method that generates the OAuth signature * * In order for this method to correctly generate a signature, setToken() * MUST be called to set the token and token secret within the instance of * phpSmug. * * @access private * @param string $apicall The API method. * @param mixed $apiargs The arguments passed to the API method. * @return string **/ private function generate_signature($apicall, $apiargs = NULL, $url = NULL) { $this->oauth_timestamp = time(); $this->oauth_nonce = md5(time() . mt_rand()); if (!is_null($apicall) && $apicall != 'Upload') { if (substr($apicall, 0, 8) != 'smugmug.') { $apicall = 'smugmug.' . $apicall; } } if ($this->oauth_signature_method == 'PLAINTEXT') { return phpSmug::urlencodeRFC3986($this->OAuthSecret) . '&' . phpSmug::urlencodeRFC3986($this->oauth_token_secret); } else { $this->oauth_signature_method = 'HMAC-SHA1'; $encKey = phpSmug::urlencodeRFC3986($this->OAuthSecret) . '&' . phpSmug::urlencodeRFC3986($this->oauth_token_secret); if (is_null($apicall) && !is_null($url)) { $endpoint = $url; } else { if (strpos($apicall, 'Token') || $this->secure && $apicall != 'Upload') { $endpoint = "https://secure.smugmug.com/services/api/php/{$this->APIVer}/"; } else { if ($apicall == 'Upload') { //$proto = ( $this->oauth_signature_method == 'PLAINTEXT' || $this->secure ) ? 'https' : 'http'; //$endpoint = $proto . '://upload.smugmug.com/'.$apiargs['FileName']; // No support for secure uploads yet $endpoint = 'http://upload.smugmug.com/' . $apiargs['FileName']; } else { $endpoint = "http://api.smugmug.com/services/api/php/{$this->APIVer}/"; } } } if (is_null($apicall)) { $method = 'GET'; } else { if ($apicall == 'Upload') { $method = 'PUT'; } else { $method = 'POST'; } } $params = array('oauth_version' => '1.0', 'oauth_nonce' => $this->oauth_nonce, 'oauth_timestamp' => $this->oauth_timestamp, 'oauth_consumer_key' => $this->APIKey, 'oauth_signature_method' => $this->oauth_signature_method); if (!is_null($apicall) && $apicall != 'Upload') { $params = array_merge($params, array('method' => $apicall)); } $params = !empty($this->oauth_token) ? array_merge($params, array('oauth_token' => $this->oauth_token)) : $params; if ($apicall != 'Upload') { $params = !empty($apiargs) ? array_merge($params, $apiargs) : $params; } $keys = array_map(array('phpSmug', 'urlencodeRFC3986'), array_keys($params)); $values = array_map(array('phpSmug', 'urlencodeRFC3986'), array_values($params)); $params = array_combine($keys, $values); // Sort by keys (natsort) uksort($params, 'strnatcmp'); // We can't use implode() here as it plays havoc with array keys with empty values. $count = count($params); $string = ''; foreach ($params as $key => $value) { $count--; $string .= $key . '=' . $value; if ($count) { $string .= '&'; } } $base_string = $method . '&' . phpSmug::urlencodeRFC3986($endpoint) . '&' . phpSmug::urlencodeRFC3986($string); $sig = base64_encode(hash_hmac('sha1', $base_string, $encKey, true)); return $sig; } }
/** * Method that generates the OAuth signature * * In order for this method to correctly generate a signature, setToken() * MUST be called to set the token and token secret within the instance of * phpSmug. * * @return string * @access private * @param string $apicall The API method. * @param mixed $apiargs The arguments passed to the API method. **/ private function generate_signature($apicall, $apiargs = NULL) { $this->oauth_timestamp = time(); $this->oauth_nonce = md5(time() . mt_rand()); if ($apicall != 'Upload') { if (substr($apicall, 0, 8) != 'smugmug.') { $apicall = 'smugmug.' . $apicall; } } if ($this->oauth_signature_method == 'PLAINTEXT') { return phpSmug::urlencodeRFC3986($this->OAuthSecret) . '&' . phpSmug::urlencodeRFC3986($this->oauth_token_secret); } else { $this->oauth_signature_method = 'HMAC-SHA1'; $encKey = phpSmug::urlencodeRFC3986($this->OAuthSecret) . '&' . phpSmug::urlencodeRFC3986($this->oauth_token_secret); $endpoint = $apicall == 'Upload' ? 'http://api.smugmug.com/' . $apiargs['FileName'] : 'http://api.smugmug.com/services/api/php/' . $this->APIVer . '/'; $method = $apicall == 'Upload' ? 'PUT' : 'POST'; $params = array('oauth_version' => '1.0', 'oauth_nonce' => $this->oauth_nonce, 'oauth_timestamp' => $this->oauth_timestamp, 'oauth_consumer_key' => $this->APIKey, 'oauth_signature_method' => $this->oauth_signature_method); if ($apicall != 'Upload') { $params = array_merge($params, array('method' => $apicall)); } $params = !empty($this->oauth_token) ? array_merge($params, array('oauth_token' => $this->oauth_token)) : $params; if ($apicall != 'Upload') { $params = !empty($apiargs) ? array_merge($params, $apiargs) : $params; } $keys = array_map(array('phpSmug', 'urlencodeRFC3986'), array_keys($params)); $values = array_map(array('phpSmug', 'urlencodeRFC3986'), array_values($params)); $params = array_combine($keys, $values); // Sort by keys (natsort) uksort($params, 'strnatcmp'); $pairs = array(); foreach ($params as $key => $value) { if (is_array($value)) { natsort($value); foreach ($value as $v2) { $pairs[] = "{$key}={$v2}"; } } else { $pairs[] = "{$key}={$value}"; } } $string = implode('&', $pairs); $base_string = $method . '&' . phpSmug::urlencodeRFC3986($endpoint) . '&' . phpSmug::urlencodeRFC3986($string); $sig = base64_encode(hash_hmac('sha1', $base_string, $encKey, true)); return $sig; } }