/** * Calculate the signature using MD5 * Binary md5 digest, as distinct from PHP's built-in hexdigest. * This function is copyright Andy Smith, 2007. * * @param string $base * @param string $consumerSecret * @param string $tokenSecret * @return string The encoded signature */ public function make($base, $consumerSecret, $tokenSecret) { $s .= '&' . Rfc3986::urlEncode($consumerSecret) . '&' . Rfc3986::urlEncode($tokenSecret); $md5 = md5($base); $bin = ''; for ($i = 0; $i < strlen($md5); $i += 2) { $bin .= chr(hexdec($md5[$i + 1]) + hexdec($md5[$i]) * 16); } // return encoded signature return Rfc3986::urlEncode(base64_encode($bin)); }
/** * Calculate the signature using HMAC-SHA1 * This function is copyright Andy Smith, 2007. * * @param string $signatureBase * @param string $consumerSecret * @param string $tokenSecret * @return string The encoded signature */ public function make($signatureBase, $consumerSecret, $tokenSecret) { $key = Rfc3986::urlEncode($consumerSecret) . '&' . Rfc3986::urlEncode($tokenSecret); if (function_exists('hash_hmac')) { $signature = base64_encode(hash_hmac('sha1', $signatureBase, $key, true)); } else { $blocksize = 64; $hashfunc = 'sha1'; if (strlen($key) > $blocksize) { $key = pack('H*', $hashfunc($key)); } $key = str_pad($key, $blocksize, chr(0x0)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); $hmac = pack('H*', $hashfunc(($key ^ $opad) . pack('H*', $hashfunc(($key ^ $ipad) . $signatureBase)))); $signature = base64_encode($hmac); } // Return encoded signature return Rfc3986::urlEncode($signature); }
/** * Exchange a request token for an access token * * @param boolean $bypassNonce * Whether bypass nonce check or not * @return array The new access token */ public function accessToken($bypassNonce = false) { $result = $this->verify('request', $bypassNonce); // Optional TTL $options = array(); $ttl = $this->getParam(self::XOAUTH_TOKEN_TTL, true); if ($ttl) { $options['token_ttl'] = $ttl; } $verifier = $this->getParam(self::OAUTH_VERIFIER, true); if ($verifier) { $options['verifier'] = $verifier; } $options['callback_url'] = isset($result['callback_url']) ? $result['callback_url'] : null; $options['referer_url'] = isset($result['referer_url']) ? $result['referer_url'] : null; // Exchange request token for an access token if (!isset($this->storages['request_token'])) { throw new \RuntimeException('You must supply a storage object implementing ' . $this->storageMap['request_token']); } if (!isset($this->storages['access_token'])) { throw new \RuntimeException('You must supply a storage object implementing ' . $this->storageMap['access_token']); } // Should have a transaction here? $accessToken = $this->storages['access_token']->createAccessToken($result['consumer_key'], $result['username'], $options); if (!$accessToken) { throw new \RuntimeException('Cannot create new access token for ' . json_encode($result)); } // Delete request token here $this->storages['access_token']->deleteRequestToken($result['token']); $data = []; $data[self::OAUTH_TOKEN] = Rfc3986::urlEncode($accessToken['token']); $data[self::OAUTH_TOKEN_SECRET] = Rfc3986::urlEncode($accessToken['token_secret']); $data[self::OAUTH_CALLBACK_CONFIRMED] = 1; if (!empty($accessToken['expires_at']) && is_numeric($accessToken['expires_at'])) { $expiresAt = Carbon::createFromTimestamp(intval($accessToken['expires_at'])); $data[self::XOAUTH_TOKEN_TTL] = $expiresAt->diffInSeconds(); } return $data; }