SESSION variable value changes every time I visit a page - php

EDIT: I am having this issue with Chrome. I have tested my script in Firefox and it's working fine.
I am using the twitterOAuth API for Twitter authentication on my website, but when I authorize my Twitter app and return to my callback URL, it is not able to verify oauth_token because the $_SESSION['oauth_token'] value has changed.
Here is my code, index.php, which generates the URL for authentication and stores the session variables:
<?php
require 'autoload.php';
use Abraham\TwitterOAuth\TwitterOAuth;
define('CONSUMER_KEY', 'abc');
define('CONSUMER_SECRET', 'abc');
define('OAUTH_CALLBACK', 'http://example.tk/callback.php');
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->oauth('oauth/request_token', array('oauth_callback' => OAUTH_CALLBACK));
session_start();
$_SESSION['oauth_token'] = $request_token['oauth_token'];
echo "From Sessoin ".$_SESSION['oauth_token']."<br>";
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$url = $connection->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token']));
echo 'Login with twitter';
?>
Here is the code of the callback URL. The user is redirected here after they authorize the app for authentication:
<?php
session_start();
require 'autoload.php';
use Abraham\TwitterOAuth\TwitterOAuth;
define('CONSUMER_KEY', 'NxEvR3DcegC83BEKWsSqPrBpG');
define('CONSUMER_SECRET', 'hRPggFw6WNYcl8MfdOGb177y3JVwbAoSZEd2tR1HlJXq5jSRmL');
define('OAUTH_CALLBACK', 'http://www.skywebdeveloper.tk/callback.php');
$request_token = [];
$request_token['oauth_token'] = $_SESSION['oauth_token'];
$request_token['oauth_token_secret'] = $_SESSION['oauth_token_secret'];
if (isset($_REQUEST['oauth_token']) && $request_token['oauth_token'] !== $_REQUEST['oauth_token']) {
// Abort! Something is wrong.
echo "From Sessoin ".$_SESSION['oauth_token'];
echo "<br>From Request Method ".$_REQUEST['oauth_token'];
}
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $request_token['oauth_token'], $request_token['oauth_token_secret']);
//$access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));
//echo $access_token;
?>
I have commented out $access_token for debugging the $_SESSION variable, which changes every time. $access_token is returning an invalid token error because it's not able to verify the session variable against the data sent back.

Related

I am unable to retrieve a request token using Twitter login library

I was attempting to implement the Twitter login library located here: https://github.com/abraham/twitteroauth
I have followed a couple tutorials line by line just to see if I could get it working, but it gives me:
"This page isn’t working. MyWebsite.com is unable to handle this request."
After looking through the code and trying some things, I realized the line that is causing it is this one in this picture:
<?php
session_start();
require 'autoload.php';
use Abraham\TwitterOAuth\TwitterOAuth;
define('CONSUMER_KEY', 'BlaBlaBlaBla'); // add your app consumer key between single quotes
define('CONSUMER_SECRET', 'BlaBlaBlaBla'); // add your app consumer secret key between single quotes
define('oAUTH_CALLBACK', 'BlaBlaBlaBla/twitter/callback.php'); // your app callback URL
if (!isset($_SESSION['access_token'])) {
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->oauth('oauth/request_token', array('oauth_callback' => oAUTH_CALLBACK));
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$url = $connection->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token']));
echo $url;
} else {
$access_token = $_SESSION['access_token'];
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
$user = $connection->get("account/verify_credentials");
echo $user->screen_name;
}
?>
If anyone has any experience with this and could help, it would be really helpful.

Abraham's TwitterOAuth access_token keeps disappearing after refresh or button click

I'm trying to get the access_token of a user that just gave authorization to my Twitter app. When I log in, it works, but it only remembers my access_token until I refresh or click on a button.
Code that I'm using:
require(__DIR__ . '/../../lib/data/twitter-login-api/autoload.php');
use Abraham\TwitterOAuth\TwitterOAuth;
$oauth_callback = OAUTH_CALLBACK;
$consumer_key = OAUTH_KEY;
$consumer_secret = OAUTH_SECRET;
//Do something if $_REQUEST occur and previous session is equal to current $_REQUEST
if (isset($_REQUEST['oauth_token']) && $_SESSION['oauth_token'] === $_REQUEST['oauth_token']) {
//Open first connection at callback
$connection = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
//Then verify your token
$access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));
//Now you can save them
$_SESSION['new_session_for_oauth_token'] = $access_token['oauth_token'];
$_SESSION['new_session_for_oauth_token_secret'] = $access_token['oauth_token_secret'];
//You may also check it first
$connection = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['new_session_for_oauth_token'], $_SESSION['new_session_for_oauth_token_secret']);
$check = $connection->get("account/verify_credentials");
$username = $check->name;
//To echo your account's stat
echo '<p>' . $check->statuses_count . '</p>';
echo '<p>' . $check->friends_count . '</p>';
echo '<p>' . $check->followers_count . '</p>';
echo '<p>' . $check->favourites_count . '</p>';
//And finally unset previous sessions
unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);
//this is the end of callback url
} else {
$connection = new TwitterOAuth($consumer_key, $consumer_secret);
$request_token = $connection->oauth('oauth/request_token', array("oauth_callback" => $oauth_callback));
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$twitter_url = $connection->url("oauth/authorize", array("oauth_token" => $request_token['oauth_token']));
}
It logs me in one time and I receive the access_token and access_token_secret but I need them to stay in a session so that I can also use it after a page refresh or click on a button.
What am I doing wrong?
I thought it happened because you were instantiating a "non-access-tokened" connection before verifying the access token.
At the very beginning,
//Open first connection at callback
$connection = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
//Then verify your token
$access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));
//Now you can save them
$_SESSION['new_session_for_oauth_token'] = $access_token['oauth_token'];
$_SESSION['new_session_for_oauth_token_secret'] = $access_token['oauth_token_secret'];
Another thing you should notice is that you do need to unset the previous token (from before authorization), but of course after the authorizing phase has passed. And here I added more expressions, which is better (in my view), since you have only one page for "request" and "callback":
//Do something if $_REQUEST occur and previous session is equal to current $_REQUEST
if (isset($_REQUEST['oauth_token']) && $_SESSION['oauth_token'] === $_REQUEST['oauth_token']) {
//Open first connection at callback
$connection = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
//Then verify your token
$access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));
//Now we overwrite the previous session with the verified one
$_SESSION['oauth_token'] = $access_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $access_token['oauth_token_secret'];
//You may also check it first (using the tokens just stored above)
$connection = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
$check = $connection->get("account/verify_credentials");
//To echo your account's stat
echo $check->statuses_count;
echo $check->friends_count;
echo $check->followers_count;
echo $check->favourites_count;
//And finally unset previous sessions
unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);
//this is the end of callback url
} elseif (isset($_GET['twitter']) && $_GET['twitter'] === 'login') {
//Request a token aka login
$connection = new TwitterOAuth($consumer_key, $consumer_secret);
$request_token = $connection->oauth('oauth/request_token', array("oauth_callback" => $oauth_callback));
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$twitter_url = $connection->url("oauth/authorize", array("oauth_token" => $request_token['oauth_token']));
} elseif (isset($_GET['twitter']) && $_GET['twitter'] === 'logout') {
//Destroy the session aka logout
unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);
$url = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
header("location: {$url}");
exit();
}
//Before or after this snippet is HTML part
Now, in your HTML part, if you're going to log in to Twitter, go to example.org/page.php?twitter=login. You can also log out via example.org/page.php?twitter=logout.
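An added example, not code from the posts above or from the library: a single-page flow where only an explicit login click creates a request token (so a repeated page load cannot overwrite the value the callback compares against, the symptom in the first question) and where the access token sits under its own session key so it survives a refresh. The session keys `request_token` and `access_token` are assumptions of this example; `OAUTH_KEY`, `OAUTH_SECRET` and `OAUTH_CALLBACK` are taken from the question and assumed to be defined elsewhere.

```php
<?php
// Added example: hypothetical page.php handling login, callback and logout.
require 'autoload.php';
use Abraham\TwitterOAuth\TwitterOAuth;

// Assumption: OAUTH_KEY, OAUTH_SECRET and OAUTH_CALLBACK are defined in a config file.
session_start(); // must run on every request, before any output is sent

$action = $_GET['twitter'] ?? '';
$self   = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

if (isset($_GET['oauth_token'], $_GET['oauth_verifier'], $_SESSION['request_token'])) {
    // Callback: the token sent back must match the one this session requested.
    $pending = $_SESSION['request_token'];
    unset($_SESSION['request_token']); // single use, whether or not it matches
    if (!is_string($_GET['oauth_token'])
        || !hash_equals($pending['oauth_token'], $_GET['oauth_token'])) {
        http_response_code(400);
        exit('Request token mismatch');
    }
    $connection = new TwitterOAuth(OAUTH_KEY, OAUTH_SECRET,
        $pending['oauth_token'], $pending['oauth_token_secret']);
    $access = $connection->oauth('oauth/access_token',
        ['oauth_verifier' => $_GET['oauth_verifier']]);
    session_regenerate_id(true);         // fresh session ID once authenticated
    $_SESSION['access_token'] = $access; // own key, not unset at the end of the callback
    header('Location: ' . $self);        // drop the oauth_* query parameters
    exit;
} elseif ($action === 'login' && !isset($_SESSION['access_token'])) {
    // Only an explicit login click asks Twitter for a new request token.
    $connection = new TwitterOAuth(OAUTH_KEY, OAUTH_SECRET);
    $request = $connection->oauth('oauth/request_token', ['oauth_callback' => OAUTH_CALLBACK]);
    $_SESSION['request_token'] = $request;
    header('Location: ' . $connection->url('oauth/authorize',
        ['oauth_token' => $request['oauth_token']]));
    exit;
} elseif ($action === 'logout') {
    $_SESSION = [];
    session_destroy();
    header('Location: ' . $self);
    exit;
}

if (isset($_SESSION['access_token'])) {
    // A refresh lands here and reuses the stored token; no new OAuth round trip.
    $t = $_SESSION['access_token'];
    $connection = new TwitterOAuth(OAUTH_KEY, OAUTH_SECRET,
        $t['oauth_token'], $t['oauth_token_secret']);
    $user = $connection->get('account/verify_credentials');
    echo htmlspecialchars($user->screen_name ?? '', ENT_QUOTES);
}
```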

Twitter OAuth: There is no request token for this page

I'm using Abraham's TwitterOAuth library to implement Twitter OAuth in my application. However, on clicking the Login button, users are sometimes redirected to the following page:
I said 'sometimes', because sometimes the Twitter OAuth provider does generate the request token, and the users are taken to the 'Grant Permission' page.
Is this a library issue? Or is this an issue with the Twitter OAuth provider? If there was an issue with my code, then this page should appear every time a user tries to login using his/her Twitter account, and not at random tries.
Here's the code of the template that the users are redirected to after clicking the Login button:
<?php
/*
*Template Name: OAuth
*/
?>
<pre>
<?php
session_start();
require "twitteroauth/autoload.php";
use Abraham\TwitterOAuth\TwitterOAuth;
define('CONSUMER_KEY', "XXXXXXXXXXXXXXX");
define('CONSUMER_SECRET', "XXXXXXXXXXXXXXXXXXXX");
define('OAUTH_CALLBACK', "http://localhost/wordpress/index.php/callback/");
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->oauth('oauth/request_token', array('oauth_callback' => OAUTH_CALLBACK));
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$url = $connection->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token']));
header('Location: '.$url);
?>
</pre>
PS: I also tried regenerating the Consumer Key and Consumer Secret, but that doesn't seem to have solved the problem.
The two scenarios that seem most likely to me are:
1) There is an error while getting the request token. Try adding some error handling.
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->oauth('oauth/request_token', array('oauth_callback' => OAUTH_CALLBACK));
if ($connection->getLastHttpCode() == 200) {
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$url = $connection->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token']));
header('Location: '.$url);
} else {
var_dump($request_token);
exit('Error getting request_token');
}
2) Twitter has a bug where it's not recognizing the request_token for some reason.
The next step in debugging is to find out the status of $request_token that results in the error.

TwitterOAuth PHP Authentication request_token

I have set up an AWS instance with a LAMP stack and am trying to build a simple login with Twitter button using Abraham's TwitterOAuth (https://twitteroauth.com/redirect.php).
I've set up the config.php file to have the key, secret, and callback url that match the apps.twitter.com details. Here is my login.php file:
<?php
require "twitteroauth/autoload.php";
echo "require<br>";
use Abraham\TwitterOAuth\TwitterOAuth;
echo "use <br>";
session_start();
echo"session started <br>";
define('CONSUMER_KEY', getenv('CONSUMER_KEY'));
define('CONSUMER_SECRET', getenv('CONSUMER_SECRET'));
define('OAUTH_CALLBACK', getenv('OAUTH_CALLBACK'));
echo"vars defined <br>";
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
//$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
echo "connection established <br>";
echo OAUTH_CALLBACK;
$request_token = $connection->oauth('oauth/request_token', array('oauth_callback' => OAUTH_CALLBACK));
echo "token requested<br>";
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
$url = $connection->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token']));
?>
All the echoes work up until $request_token at which point it breaks. I've also tried without the echoes, but it still doesn't make it to the redirect step. Any help would be greatly appreciated! Thank you.
Was able to figure out that I had the key, secret and callback defined incorrectly at the top. Needed to use the variable name $CONSUMER_KEY instead of the environmental name.

How to disconnect your Twitter app when Twitter is closed from the web

I need to associate my Twitter application with my Twitter account. In particular, I would like that when I click log out on my Twitter account (https://twitter.com/) I am logged out from my Twitter app. In the code that I show below the login works, but when I log out from my Twitter account it doesn't log out from the app, so the session is not closed. The code is:
if (!isset($_SESSION["request_token"])) {
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->oauth("oauth/request_token", array("oauth_callback" => OAUTH_CALLBACK));
if($request_token){
// (NEEDED IN THE NEXT SCRIPT)
$oauth_token=$request_token['oauth_token'];
$token_secret=$request_token['oauth_token_secret'];
$_SESSION['request_token']=$oauth_token;
$_SESSION['request_token_secret']=$token_secret;
$url = $connection->url("oauth/authorize", array("oauth_token" => $oauth_token));
header('Location: ' . $url);
}
}else{
$connection = new TwitterOAuth(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
$oauth_verifier = $_SESSION ['oauth_verifier'];
$token_secret = $_SESSION ['request_token_secret'];
$oauth_token = $_SESSION ['request_token'];
$trovato = false;
$connection = new TwitterOAuth (CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $token_secret );
$access_token = $connection->oauth("oauth/access_token",
$connection = new TwitterOAuth ( CONSUMER_KEY, CONSUMER_SECRET, $access_token ['oauth_token'], $access_token ['oauth_token_secret'] );
$content = $connection->get ( "account/verify_credentials" );
if(!empty($content->id)){
$_SESSION['screen_name']=$content->screen_name;
header('Location: ....);
}
The library is:
https://github.com/abraham/twitteroauth
What parameters can I use to check my login? Can anyone help me?
