From 93c0a8212ce6f4554275dc03c64b2eb6982c5abf Mon Sep 17 00:00:00 2001
From: ECHibiki <34425597+ECHibiki@users.noreply.github.com>
Date: Tue, 30 Jan 2018 06:49:59 -0500
Subject: [PATCH] Making access, malformed oath_signature

---
 tweet.php | 96 +++++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 63 insertions(+), 33 deletions(-)
 rewrite tweet.php (98%)

diff --git a/tweet.php b/tweet.php
dissimilarity index 98%
index fb94f5c..40d9eea 100644
--- a/tweet.php
+++ b/tweet.php
@@ -1,33 +1,63 @@
-<?php 
-
-//Taken and editted from https://gist.github.com/m13z/6270524 -- twitter_oauth_curl.php
-
-/*
-* using curl
-*/
-
-$key = '';
-$secret = '';
-$api_endpoint = 'https://api.twitter.com/1.1/users/'; // endpoint must support "Application-only authentication"
-
-// request token
-$basic_credentials = base64_encode($key.':'.$secret);
-$tk = curl_init('https://api.twitter.com/oauth2/token');
-curl_setopt($tk, CURLOPT_HTTPHEADER, array('Authorization: Basic '.$basic_credentials, 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8'));
-curl_setopt($tk, CURLOPT_POSTFIELDS, 'grant_type=client_credentials');
-curl_setopt($tk, CURLOPT_RETURNTRANSFER, true);
-$token = json_decode(curl_exec($tk));
-curl_close($tk);
-
-// use token
-if (isset($token->token_type) && $token->token_type == 'bearer') {
-	$br = curl_init($api_endpoint);
-	curl_setopt($br, CURLOPT_HTTPHEADER, array('Authorization: Bearer '.$token->access_token));
-	curl_setopt($br, CURLOPT_RETURNTRANSFER, true);
-	$data = curl_exec($br);
-	curl_close($br);
-  
-	// do_something_here_with($data);
-}
-
-?>
+<?php 
+//From https://stackoverflow.com/questions/3295466/another-twitter-oauth-curl-access-token-request-that-fails/3327391#3327391
+function generateSingature($params){
+	var_dump($params);
+	
+	  // BUILD SIGNATURE
+            // encode params keys, values, join and then sort.
+            $keys = _urlencode_rfc3986(array_keys($params));
+            $values = _urlencode_rfc3986(array_values($params));
+            $params = array_combine($keys, $values);
+            uksort($params, 'strcmp');
+
+            // convert params to string 
+            foreach ($params as $k => $v) {$pairs[] = _urlencode_rfc3986($k).'='._urlencode_rfc3986($v);}
+            $concatenatedParams = implode('&', $pairs);
+
+            // form base string (first key)
+            $baseString= "GET&"._urlencode_rfc3986(request_token)."&"._urlencode_rfc3986($concatenatedParams);
+            // form secret (second key)
+            $secret = _urlencode_rfc3986(secret)."&";
+            // make signature and append to params
+			$params['oauth_signature'] = _urlencode_rfc3986(base64_encode(hash_hmac('sha1', $baseString, $secret, TRUE)));
+
+}
+
+$msg = "testing";
+//dumb approximation
+$msg_len = decoct(strlen($msg) + 10);
+
+$consumer_key = "-------";
+$access_token = "-------";
+$random_value = str_replace("=", "2", base64_encode(rand(10000000000,1000000000000)));
+$timestamp = time();
+$method = "HMAC-SHA1";
+
+$signature = generateSingature(array(
+							"oauth_version" => "1.0",
+							"oauth_nonce"=>"$random_value",
+							"oauth_timestamp" => "$timestamp",
+							"oauth_consumer_key" => "$consumer_key",
+							"oauth_signature_method" => "HMAC-SHA1"
+));
+
+$curl = curl_init("https://api.twitter.com/1.1/statuses/update.json");
+curl_setopt($curl, CURLOPT_HTTPHEADER, array("Accept: */*", "Connection: close","User-Agent: VerniyXYZ-CURL" ,"Host: api.twitter.com",
+												"Content-Type: application/x-www-form-urlencoded;charset=UTF-8", 
+												"Content-Length: $msg_len", "Host: api.twitter.com",
+												
+												"Authorization:
+													OAuth oauth_consumer_key='$consumer_key',
+													oauth_nonce='$random_value',
+													oauth_signature='$signature',
+													oauth_signature_method='$method',
+													oauth_timestamp='$timestamp',
+													oauth_token='$access_token',
+													oauth_version='1.0'
+													"
+												
+												));
+curl_setopt($curl, CURLOPT_POST, 1);
+curl_setopt($curl, CURLOPT_POSTFIELDS, "include_entities=true&status=$msg");
+var_dump(curl_exec($curl));
+?>
-- 
2.11.4.GIT