0

我已经设置了 OAuth,并且我正在使用 CURL 来获取最新的推文,当我从浏览器运行它时,这非常有效

http://mydomain.com/getstatus.php

该脚本将状态写入文件:

$xTIME = time();
$oauth = array(
  'oauth_consumer_key'     => $consumer_key,
  'oauth_nonce'            => $xTIME,
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_token'            => $oauth_access_token,
  'oauth_timestamp'        => $xTIME,
  'oauth_version'          => '1.0'
);

$base_info                = buildBaseString($url, 'GET', $oauth);
$composite_key            = rawurlencode($consumer_secret) . '&' . rawurlencode($oauth_access_token_secret);
$oauth_signature          = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
$oauth['oauth_signature'] = $oauth_signature;

$header = array(buildAuthorizationHeader($oauth), 'Expect:');
$options = array(
  CURLOPT_HTTPHEADER     => $header,
  CURLOPT_HEADER         => false,
  CURLOPT_URL            => $url,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_SSL_VERIFYPEER => false
);

$feed = curl_init();
curl_setopt_array($feed, $options);
$json = curl_exec($feed);
curl_close($feed);

$twitter_data = json_decode($json); 

if(isset($twitter_data[0]->text))
{
  $fp = fopen('/var/www/mydomain.com/feeds/twitter.feed', 'w');
  fwrite($fp, $twitter_data[0]->text);
  fclose($fp);
}

这很好地写入文件,想法是每小时运行一次。

所以我设置了一个cronjob

0 * * * * lynx -accept_all_cookies http://mydomain.com/getstatus.php

但我得到了这个回报:

[request] => /1/statuses/user_timeline.json?count=1&screen_name=twitter
[error] => Rate limit exceeded. Clients may not make more than 150 requests per hour.

这表明它没有授权,因此将该请求视为未经身份验证的请求。

我的问题是,为什么不授权?

我尝试将它作为 crontab 运行并通过 lynx 运行,两次都得到相同的结果。

编辑:

这是完整的功能,

function buildBaseString($baseURI, $method, $params)
{
    $r = array(); 
    ksort($params);
    foreach($params as $key=>$value){
        $r[] = "$key=" . rawurlencode($value); 
    }
    return $method."&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $r)); 
}

function buildAuthorizationHeader($oauth)
{
    $r = 'Authorization: OAuth '; 
    $values = array(); 
    foreach($oauth as $key=>$value)
        $values[] = "$key=\"" . rawurlencode($value) . "\""; 
    $r .= implode(', ', $values); 
    return $r; 
}

function loadTW($twID)
{
    $url = "https://api.twitter.com/1/statuses/user_timeline.json&count=1&screen_name=" .$twID;

    $oauth_access_token = "68161130-X4HRZje9wB3lpyeOPYDJPsqG1JfJxxxxxxxx";
    $oauth_access_token_secret = "zN98CUldHN4eiVeGahZIvpNeUGljRTxxxxxxxx";
    $consumer_key = "PeVEz2Z0QSKtxxxxxxx";
    $consumer_secret = "An9Xh3qHHTEiTQzW5wKLFMHOrbzwFtwxxxxxxxx";

    $xTIME = time();
    $oauth = array( 'oauth_consumer_key' => $consumer_key,
                    'oauth_nonce' => $xTIME,
                    'oauth_signature_method' => 'HMAC-SHA1',
                    'oauth_token' => $oauth_access_token,
                    'oauth_timestamp' => $xTIME,
                    'oauth_version' => '1.0');  


    $base_info = buildBaseString($url, 'GET', $oauth);

    $composite_key = rawurlencode($consumer_secret) . '&' . rawurlencode($oauth_access_token_secret);

    $oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));

    $oauth['oauth_signature'] = $oauth_signature;                       

    $header = array(buildAuthorizationHeader($oauth), 'Expect:');
    $options = array( CURLOPT_HTTPHEADER => $header,
                      CURLOPT_HEADER => false,
                      CURLOPT_URL => $url,
                      CURLOPT_RETURNTRANSFER => true,
                      CURLOPT_SSL_VERIFYPEER => false);

    $feed = curl_init();
    curl_setopt_array($feed, $options);
    $json = curl_exec($feed);
    curl_close($feed);

    $twitter_data = json_decode($json); 

    if(isset($twitter_data[0]->text))
    {
        $fp = fopen('/var/www/carlandalexfishing.co.uk/feeds/twitter.feed', 'w');
        fwrite($fp, $twitter_data[0]->text);
        fclose($fp);
    }
}
4

1 回答 1

1

很难知道代码中发生了什么,因为它不是完整的代码。反正 :

  • 您的 OAuth 代码仅对 oauth_* 标头进行签名,而不是任何查询参数。
  • 从错误消息来看,您的$url变量似乎也包含查询参数。

要解决这个问题,只需将查询参数移动到一个单独的数组中并用它们签署 OAuth 请求。

出了什么问题的说明(故意省略了 url 编码并添加了空格):

GET & https://api.twitter.com/1/endpoint.json?count=1&screen_name=twitter & oauth_abc=def&oauth_ghi=jkl

URL 的查询部分不应进入 OAuth 基本字符串的第二部分。更好的 :

GET & https://api.twitter.com/1/endpoint.json & count=1&oauth_abc=def&oauth_ghi=jkl&screen_name=twitter
于 2013-01-03T10:27:07.007 回答