mgng · January 14, 2010 01:32
diff --git a/OAuth.php b/OAuth.php
 <?php
 // vim: foldmethod=marker

 ini_set('display_errors', 'off'); // エラー表示させないようにしとく

 /* Generic exception class
 */
 class OAuthException extends Exception {/*{{{*/
  // pass
 }/*}}}*/

 class OAuthConsumer {/*{{{*/
  public $key;
  public $secret;

  function __construct($key, $secret, $callback_url=NULL) {/*{{{*/
    $this->key = $key;
    $this->secret = $secret;
    $this->callback_url = $callback_url;
  }/*}}}*/

  function __toString() {/*{{{*/
    return "OAuthConsumer[key=$this->key,secret=$this->secret]";
  }/*}}}*/
 }/*}}}*/

 class OAuthToken {/*{{{*/
  // access tokens and request tokens
  public $key;
  public $secret;

  /**
   * key = the token
   * secret = the token secret
   */
  function __construct($key, $secret) {/*{{{*/
    $this->key = $key;
    $this->secret = $secret;
  }/*}}}*/

  /**
   * generates the basic string serialization of a token that a server
   * would respond to request_token and access_token calls with
   */
  function to_string() {/*{{{*/
    return "oauth_token=" . OAuthUtil::urlencode_rfc3986($this->key) .
        "&oauth_token_secret=" . OAuthUtil::urlencode_rfc3986($this->secret);
  }/*}}}*/

  function __toString() {/*{{{*/
    return $this->to_string();
  }/*}}}*/
 }/*}}}*/

 class OAuthSignatureMethod {/*{{{*/
  public function check_signature(&$request, $consumer, $token, $signature) {
    $built = $this->build_signature($request, $consumer, $token);
    return $built == $signature;
  }
 }/*}}}*/

 class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {/*{{{*/
  function get_name() {/*{{{*/
    return "HMAC-SHA1";
  }/*}}}*/

  public function build_signature($request, $consumer, $token) {/*{{{*/
    $base_string = $request->get_signature_base_string();
    $request->base_string = $base_string;

    $key_parts = array(
      $consumer->secret,
      ($token) ? $token->secret : ""
    );

    $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
    $key = implode('&', $key_parts);

    return base64_encode( hash_hmac('sha1', $base_string, $key, true));
  }/*}}}*/
 }/*}}}*/

 class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {/*{{{*/
  public function get_name() {/*{{{*/
    return "PLAINTEXT";
  }/*}}}*/

  public function build_signature($request, $consumer, $token) {/*{{{*/
    $sig = array(
      OAuthUtil::urlencode_rfc3986($consumer->secret)
    );

    if ($token) {
      array_push($sig, OAuthUtil::urlencode_rfc3986($token->secret));
    } else {
      array_push($sig, '');
    }

    $raw = implode("&", $sig);
    // for debug purposes
    $request->base_string = $raw;

    return OAuthUtil::urlencode_rfc3986($raw);
  }/*}}}*/
 }/*}}}*/

 class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {/*{{{*/
  public function get_name() {/*{{{*/
    return "RSA-SHA1";
  }/*}}}*/

  protected function fetch_public_cert(&$request) {/*{{{*/
    // not implemented yet, ideas are:
    // (1) do a lookup in a table of trusted certs keyed off of consumer
    // (2) fetch via http using a url provided by the requester
    // (3) some sort of specific discovery code based on request
    //
    // either way should return a string representation of the certificate
    throw Exception("fetch_public_cert not implemented");
  }/*}}}*/

  protected function fetch_private_cert(&$request) {/*{{{*/
    // not implemented yet, ideas are:
    // (1) do a lookup in a table of trusted certs keyed off of consumer
    //
    // either way should return a string representation of the certificate
    throw Exception("fetch_private_cert not implemented");
  }/*}}}*/

  public function build_signature(&$request, $consumer, $token) {/*{{{*/
    $base_string = $request->get_signature_base_string();
    $request->base_string = $base_string;

    // Fetch the private key cert based on the request
    $cert = $this->fetch_private_cert($request);

    // Pull the private key ID from the certificate
    $privatekeyid = openssl_get_privatekey($cert);

    // Sign using the key
    $ok = openssl_sign($base_string, $signature, $privatekeyid);

    // Release the key resource
    openssl_free_key($privatekeyid);

    return base64_encode($signature);
  } /*}}}*/

  public function check_signature(&$request, $consumer, $token, $signature) {/*{{{*/
    $decoded_sig = base64_decode($signature);

    $base_string = $request->get_signature_base_string();

    // Fetch the public key cert based on the request
    $cert = $this->fetch_public_cert($request);

    // Pull the public key ID from the certificate
    $publickeyid = openssl_get_publickey($cert);

    // Check the computed signature against the one passed in the query
    $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);

    // Release the key resource
    openssl_free_key($publickeyid);

    return $ok == 1;
  } /*}}}*/
 }/*}}}*/

 class OAuthRequest {/*{{{*/
  private $parameters;
  private $http_method;
  private $http_url;
  // for debug purposes
  public $base_string;
  public static $version = '1.0';

  function __construct($http_method, $http_url, $parameters=NULL) {/*{{{*/
    @$parameters or $parameters = array();
    $this->parameters = $parameters;
    $this->http_method = $http_method;
    $this->http_url = $http_url;
  }/*}}}*/


  /**
   * attempt to build up a request from what was passed to the server
   */
  public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {/*{{{*/
    $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
    @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
    @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];

    $request_headers = OAuthRequest::get_headers();

    // let the library user override things however they'd like, if they know
    // which parameters to use then go for it, for example XMLRPC might want to
    // do this
    if ($parameters) {
      $req = new OAuthRequest($http_method, $http_url, $parameters);
    } else {
      // collect request parameters from query string (GET) and post-data (POST) if appropriate (note: POST vars have priority)
      $req_parameters = $_GET;
      if ($http_method == "POST" && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded") ) {
        $req_parameters = array_merge($req_parameters, $_POST);
      }

      // next check for the auth header, we need to do some extra stuff
      // if that is the case, namely suck in the parameters from GET or POST
      // so that we can include them in the signature
      if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
        $header_parameters = OAuthRequest::split_header($request_headers['Authorization']);
        $parameters = array_merge($req_parameters, $header_parameters);
        $req = new OAuthRequest($http_method, $http_url, $parameters);
      } else $req = new OAuthRequest($http_method, $http_url, $req_parameters);
    }

    return $req;
  }/*}}}*/

  /**
   * pretty much a helper function to set up the request
   */
  public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {/*{{{*/
    @$parameters or $parameters = array();
    $defaults = array("oauth_version" => OAuthRequest::$version,
                      "oauth_nonce" => OAuthRequest::generate_nonce(),
                      "oauth_timestamp" => OAuthRequest::generate_timestamp(),
                      "oauth_consumer_key" => $consumer->key);
    $parameters = array_merge($defaults, $parameters);

    if ($token) {
      $parameters['oauth_token'] = $token->key;
    }
    return new OAuthRequest($http_method, $http_url, $parameters);
  }/*}}}*/

  public function set_parameter($name, $value) {/*{{{*/
    $this->parameters[$name] = $value;
  }/*}}}*/

  public function get_parameter($name) {/*{{{*/
    return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
  }/*}}}*/

  public function get_parameters() {/*{{{*/
    return $this->parameters;
  }/*}}}*/

  /**
   * Returns the normalized parameters of the request
   *
   * This will be all (except oauth_signature) parameters,
   * sorted first by key, and if duplicate keys, then by
   * value.
   *
   * The returned string will be all the key=value pairs
   * concated by &.
   *
   * @return string
   */
  public function get_signable_parameters() {/*{{{*/
    // Grab all parameters
    $params = $this->parameters;

    // Remove oauth_signature if present
    if (isset($params['oauth_signature'])) {
      unset($params['oauth_signature']);
    }

    // Urlencode both keys and values
    $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
    $values = OAuthUtil::urlencode_rfc3986(array_values($params));
    $params = array_combine($keys, $values);

    // Sort by keys (natsort)
    uksort($params, 'strcmp');

    // Generate key=value pairs
    $pairs = array();
    foreach ($params as $key=>$value ) {
      if (is_array($value)) {
        // If the value is an array, it's because there are multiple
        // with the same key, sort them, then add all the pairs
        natsort($value);
        foreach ($value as $v2) {
          $pairs[] = $key . '=' . $v2;
        }
      } else {
        $pairs[] = $key . '=' . $value;
      }
    }

    // Return the pairs, concated with &
    return implode('&', $pairs);
  }/*}}}*/

  /**
   * Returns the base string of this request
   *
   * The base string defined as the method, the url
   * and the parameters (normalized), each urlencoded
   * and the concated with &.
   */
  public function get_signature_base_string() {/*{{{*/
    $parts = array(
      $this->get_normalized_http_method(),
      $this->get_normalized_http_url(),
      $this->get_signable_parameters()
    );

    $parts = OAuthUtil::urlencode_rfc3986($parts);

    return implode('&', $parts);
  }/*}}}*/

  /**
   * just uppercases the http method
   */
  public function get_normalized_http_method() {/*{{{*/
    return strtoupper($this->http_method);
  }/*}}}*/

  /**
   * parses the url and rebuilds it to be
   * scheme://host/path
   */
  public function get_normalized_http_url() {/*{{{*/
    $parts = parse_url($this->http_url);

    $port = @$parts['port'];
    $scheme = $parts['scheme'];
    $host = $parts['host'];
    $path = @$parts['path'];

    $port or $port = ($scheme == 'https') ? '443' : '80';

    if (($scheme == 'https' && $port != '443')
        || ($scheme == 'http' && $port != '80')) {
      $host = "$host:$port";
    }
    return "$scheme://$host$path";
  }/*}}}*/

  /**
   * builds a url usable for a GET request
   */
  public function to_url() {/*{{{*/
    $out = $this->get_normalized_http_url() . "?";
    $out .= $this->to_postdata();
    return $out;
  }/*}}}*/

  /**
   * builds the data one would send in a POST request
   *
   * TODO(morten.fangel):
   * this function might be easily replaced with http_build_query()
   * and corrections for rfc3986 compatibility.. but not sure
   */
  public function to_postdata() {/*{{{*/
    $total = array();
    foreach ($this->parameters as $k => $v) {
      if (is_array($v)) {
        foreach ($v as $va) {
          $total[] = OAuthUtil::urlencode_rfc3986($k) . "[]=" . OAuthUtil::urlencode_rfc3986($va);
        }
      } else {
        $total[] = OAuthUtil::urlencode_rfc3986($k) . "=" . OAuthUtil::urlencode_rfc3986($v);
      }
    }
    $out = implode("&", $total);
    return $out;
  }/*}}}*/

  /**
   * builds the Authorization: header
   */
  public function to_header() {/*{{{*/
    $out ='Authorization: OAuth realm=""';
    $total = array();
    foreach ($this->parameters as $k => $v) {
      if (substr($k, 0, 5) != "oauth") continue;
      if (is_array($v)) throw new OAuthException('Arrays not supported in headers');
      $out .= ',' . OAuthUtil::urlencode_rfc3986($k) . '="' . OAuthUtil::urlencode_rfc3986($v) . '"';
    }
    return $out;
  }/*}}}*/

  public function __toString() {/*{{{*/
    return $this->to_url();
  }/*}}}*/


  public function sign_request($signature_method, $consumer, $token) {/*{{{*/
    $this->set_parameter("oauth_signature_method", $signature_method->get_name());
    $signature = $this->build_signature($signature_method, $consumer, $token);
    $this->set_parameter("oauth_signature", $signature);
  }/*}}}*/

  public function build_signature($signature_method, $consumer, $token) {/*{{{*/
    $signature = $signature_method->build_signature($this, $consumer, $token);
    return $signature;
  }/*}}}*/

  /**
   * util function: current timestamp
   */
  private static function generate_timestamp() {/*{{{*/
    return time();
  }/*}}}*/

  /**
   * util function: current nonce
   */
  private static function generate_nonce() {/*{{{*/
    $mt = microtime();
    $rand = mt_rand();

    return md5($mt . $rand); // md5s look nicer than numbers
  }/*}}}*/

  /**
   * util function for turning the Authorization: header into
   * parameters, has to do some unescaping
   */
  private static function split_header($header) {/*{{{*/
    $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
    $offset = 0;
    $params = array();
    while (preg_match($pattern, $header, $matches, PREG_OFFSET_CAPTURE, $offset) > 0) {
      $match = $matches[0];
      $header_name = $matches[2][0];
      $header_content = (isset($matches[5])) ? $matches[5][0] : $matches[4][0];
      $params[$header_name] = OAuthUtil::urldecode_rfc3986( $header_content );
      $offset = $match[1] + strlen($match[0]);
    }

    if (isset($params['realm'])) {
       unset($params['realm']);
    }

    return $params;
  }/*}}}*/

  /**
   * helper to try to sort out headers for people who aren't running apache
   */
  private static function get_headers() {/*{{{*/
    if (function_exists('apache_request_headers')) {
      // we need this to get the actual Authorization: header
      // because apache tends to tell us it doesn't exist
      return apache_request_headers();
    }
    // otherwise we don't have apache and are just going to have to hope
    // that $_SERVER actually contains what we need
    $out = array();
    foreach ($_SERVER as $key => $value) {
      if (substr($key, 0, 5) == "HTTP_") {
        // this is chaos, basically it is just there to capitalize the first
        // letter of every word that is not an initial HTTP and strip HTTP
        // code from przemek
        $key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
        $out[$key] = $value;
      }
    }
    return $out;
  }/*}}}*/
 }/*}}}*/

 class OAuthServer {/*{{{*/
  protected $timestamp_threshold = 300; // in seconds, five minutes
  protected $version = 1.0;             // hi blaine
  protected $signature_methods = array();

  protected $data_store;

  function __construct($data_store) {/*{{{*/
    $this->data_store = $data_store;
  }/*}}}*/

  public function add_signature_method($signature_method) {/*{{{*/
    $this->signature_methods[$signature_method->get_name()] =
        $signature_method;
  }/*}}}*/

  // high level functions

  /**
   * process a request_token request
   * returns the request token on success
   */
  public function fetch_request_token(&$request) {/*{{{*/
    $this->get_version($request);

    $consumer = $this->get_consumer($request);

    // no token required for the initial token request
    $token = NULL;

    $this->check_signature($request, $consumer, $token);

    $new_token = $this->data_store->new_request_token($consumer);

    return $new_token;
  }/*}}}*/

  /**
   * process an access_token request
   * returns the access token on success
   */
  public function fetch_access_token(&$request) {/*{{{*/
    $this->get_version($request);

    $consumer = $this->get_consumer($request);

    // requires authorized request token
    $token = $this->get_token($request, $consumer, "request");


    $this->check_signature($request, $consumer, $token);

    $new_token = $this->data_store->new_access_token($token, $consumer);

    return $new_token;
  }/*}}}*/

  /**
   * verify an api call, checks all the parameters
   */
  public function verify_request(&$request) {/*{{{*/
    $this->get_version($request);
    $consumer = $this->get_consumer($request);
    $token = $this->get_token($request, $consumer, "access");
    $this->check_signature($request, $consumer, $token);
    return array($consumer, $token);
  }/*}}}*/

  // Internals from here
  /**
   * version 1
   */
  private function get_version(&$request) {/*{{{*/
    $version = $request->get_parameter("oauth_version");
    if (!$version) {
      $version = 1.0;
    }
    if ($version && $version != $this->version) {
      throw new OAuthException("OAuth version '$version' not supported");
    }
    return $version;
  }/*}}}*/

  /**
   * figure out the signature with some defaults
   */
  private function get_signature_method(&$request) {/*{{{*/
    $signature_method =
        @$request->get_parameter("oauth_signature_method");
    if (!$signature_method) {
      $signature_method = "PLAINTEXT";
    }
    if (!in_array($signature_method,
                  array_keys($this->signature_methods))) {
      throw new OAuthException(
        "Signature method '$signature_method' not supported try one of the following: " . implode(", ", array_keys($this->signature_methods))
      );
    }
    return $this->signature_methods[$signature_method];
  }/*}}}*/

  /**
   * try to find the consumer for the provided request's consumer key
   */
  private function get_consumer(&$request) {/*{{{*/
    $consumer_key = @$request->get_parameter("oauth_consumer_key");
    if (!$consumer_key) {
      throw new OAuthException("Invalid consumer key");
    }

    $consumer = $this->data_store->lookup_consumer($consumer_key);
    if (!$consumer) {
      throw new OAuthException("Invalid consumer");
    }

    return $consumer;
  }/*}}}*/

  /**
   * try to find the token for the provided request's token key
   */
  private function get_token(&$request, $consumer, $token_type="access") {/*{{{*/
    $token_field = @$request->get_parameter('oauth_token');
    $token = $this->data_store->lookup_token(
      $consumer, $token_type, $token_field
    );
    if (!$token) {
      throw new OAuthException("Invalid $token_type token: $token_field");
    }
    return $token;
  }/*}}}*/

  /**
   * all-in-one function to check the signature on a request
   * should guess the signature method appropriately
   */
  private function check_signature(&$request, $consumer, $token) {/*{{{*/
    // this should probably be in a different method
    $timestamp = @$request->get_parameter('oauth_timestamp');
    $nonce = @$request->get_parameter('oauth_nonce');

    $this->check_timestamp($timestamp);
    $this->check_nonce($consumer, $token, $nonce, $timestamp);

    $signature_method = $this->get_signature_method($request);

    $signature = $request->get_parameter('oauth_signature');
    $valid_sig = $signature_method->check_signature(
      $request,
      $consumer,
      $token,
      $signature
    );

    if (!$valid_sig) {
      throw new OAuthException("Invalid signature");
    }
  }/*}}}*/

  /**
   * check that the timestamp is new enough
   */
  private function check_timestamp($timestamp) {/*{{{*/
    // verify that timestamp is recentish
    $now = time();
    if ($now - $timestamp > $this->timestamp_threshold) {
      throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
    }
  }/*}}}*/

  /**
   * check that the nonce is not repeated
   */
  private function check_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
    // verify that the nonce is uniqueish
    $found = $this->data_store->lookup_nonce($consumer, $token, $nonce, $timestamp);
    if ($found) {
      throw new OAuthException("Nonce already used: $nonce");
    }
  }/*}}}*/



 }/*}}}*/

 class OAuthDataStore {/*{{{*/
  function lookup_consumer($consumer_key) {/*{{{*/
    // implement me
  }/*}}}*/

  function lookup_token($consumer, $token_type, $token) {/*{{{*/
    // implement me
  }/*}}}*/

  function lookup_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
    // implement me
  }/*}}}*/

  function new_request_token($consumer) {/*{{{*/
    // return a new token attached to this consumer
  }/*}}}*/

  function new_access_token($token, $consumer) {/*{{{*/
    // return a new access token attached to this consumer
    // for the user associated with this token if the request token
    // is authorized
    // should also invalidate the request token
  }/*}}}*/

 }/*}}}*/


 /*  A very naive dbm-based oauth storage
 */
 class SimpleOAuthDataStore extends OAuthDataStore {/*{{{*/
  private $dbh;

  function __construct($path = "oauth.gdbm") {/*{{{*/
    $this->dbh = dba_popen($path, 'c', 'gdbm');
  }/*}}}*/

  function __destruct() {/*{{{*/
    dba_close($this->dbh);
  }/*}}}*/

  function lookup_consumer($consumer_key) {/*{{{*/
    $rv = dba_fetch("consumer_$consumer_key", $this->dbh);
    if ($rv === FALSE) {
      return NULL;
    }
    $obj = unserialize($rv);
    if (!($obj instanceof OAuthConsumer)) {
      return NULL;
    }
    return $obj;
  }/*}}}*/

  function lookup_token($consumer, $token_type, $token) {/*{{{*/
    $rv = dba_fetch("${token_type}_${token}", $this->dbh);
    if ($rv === FALSE) {
      return NULL;
    }
    $obj = unserialize($rv);
    if (!($obj instanceof OAuthToken)) {
      return NULL;
    }
    return $obj;
  }/*}}}*/

  function lookup_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
    if (dba_exists("nonce_$nonce", $this->dbh)) {
      return TRUE;
    } else {
      dba_insert("nonce_$nonce", "1", $this->dbh);
      return FALSE;
    }
  }/*}}}*/

  function new_token($consumer, $type="request") {/*{{{*/
    $key = md5(time());
    $secret = time() + time();
    $token = new OAuthToken($key, md5(md5($secret)));
    if (!dba_insert("${type}_$key", serialize($token), $this->dbh)) {
      throw new OAuthException("doooom!");
    }
    return $token;
  }/*}}}*/

  function new_request_token($consumer) {/*{{{*/
    return $this->new_token($consumer, "request");
  }/*}}}*/

  function new_access_token($token, $consumer) {/*{{{*/

    $token = $this->new_token($consumer, 'access');
    dba_delete("request_" . $token->key, $this->dbh);
    return $token;
  }/*}}}*/
 }/*}}}*/

 class OAuthUtil {/*{{{*/
  public static function urlencode_rfc3986($input) {/*{{{*/
  if (is_array($input)) {
    return array_map(array('OAuthUtil','urlencode_rfc3986'), $input);
  } else if (is_scalar($input)) {
    return str_replace('+', ' ',
                         str_replace('%7E', '~', rawurlencode($input)));
  } else {
    return '';
  }
  }/*}}}*/


  // This decode function isn't taking into consideration the above
  // modifications to the encoding process. However, this method doesn't
  // seem to be used anywhere so leaving it as is.
  public static function urldecode_rfc3986($string) {/*{{{*/
    return rawurldecode($string);
  }/*}}}*/
 }/*}}}*/
diff --git a/oauth_test.php b/oauth_test.php
 <?php
 // require twitterOAuth lib
 require_once('twitterOAuth.php');

 /* Sessions are used to keep track of tokens while user authenticates with twitter */
 session_start();

 /* Consumer key from twitter */
 $consumer_key = 'あなたのコンシューマキー';

 /* Consumer Secret from twitter */
 $consumer_secret = 'あなたのコンシューマシークレット';

 /* Set up placeholder */
 $content = NULL;

 /* Set state if previous session */
 $state = $_SESSION['oauth_state'];

 /* Checks if oauth_token is set from returning from twitter */
 $session_token = $_SESSION['oauth_request_token'];

 /* Checks if oauth_token is set from returning from twitter */

 $oauth_token = $_REQUEST['oauth_token'];

 /* Set section var */
 $section = $_REQUEST['section'];

 /* Clear PHP sessions */
 if ($_REQUEST['test'] === 'clear') {/*{{{*/
  session_destroy();
  session_start();
 }/*}}}*/

 /* If oauth_token is missing get it */
 if ($_REQUEST['oauth_token'] != NULL && $_SESSION['oauth_state'] === 'start') {/*{{{*/
  $_SESSION['oauth_state'] = $state = 'returned';
 }/*}}}*/

 /*
 * Switch based on where in the process you are
 *
 * 'default': Get a request token from twitter for new user
 * 'returned': The user has authorize the app on twitter
 */
 switch ($state) {/*{{{*/
  default:
    /* Create TwitterOAuth object with app key/secret */
    $to = new TwitterOAuth($consumer_key, $consumer_secret);
    /* Request tokens from twitter */
    $tok = $to->getRequestToken();

    /* Save tokens for later */
    $_SESSION['oauth_request_token'] = $token = $tok['oauth_token'];
    $_SESSION['oauth_request_token_secret'] = $tok['oauth_token_secret'];
    $_SESSION['oauth_state'] = "start";

    /* Build the authorization URL */
    $request_link = $to->getAuthorizeURL($token);

    /* Build link that gets user to twitter to authorize the app */
    $content = 'Click on the link to go to twitter to authorize your account.';
    $content .= '<br /><a href="'.$request_link.'">'.$request_link.'</a>';
    break;
  case 'returned':
    /* If the access tokens are already set skip to the API call */
    if ($_SESSION['oauth_access_token'] === NULL && $_SESSION['oauth_access_token_secret'] === NULL) {
      /* Create TwitterOAuth object with app key/secret and token key/secret from default phase */
      $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_request_token'], $_SESSION['oauth_request_token_secret']);
      /* Request access tokens from twitter */
      $tok = $to->getAccessToken();

      /* Save the access tokens. Normally these would be saved in a database for future use. */
      $_SESSION['oauth_access_token'] = $tok['oauth_token'];
      $_SESSION['oauth_access_token_secret'] = $tok['oauth_token_secret'];
    }
    /* Random copy */
    $content = 'your account should now be registered with twitter. Check here:<br />';
    $content .= '<a href="https://twitter.com/account/connections">https://twitter.com/account/connections</a>';

    /* Create TwitterOAuth with app key/secret and user access key/secret */
    $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_access_token'], $_SESSION['oauth_access_token_secret']);
    /* Run request on twitter API as user. */
    $content = $to->OAuthRequest('https://twitter.com/account/verify_credentials.xml', array(), 'GET');
    //$content = $to->OAuthRequest('https://twitter.com/statuses/update.xml', array('status' => 'Test OAuth update.'), 'POST');
    //$content = $to->OAuthRequest('https://twitter.com/statuses/replies.xml', array(), 'POST');
    break;
 }/*}}}*/
 ?>
 <html>
  <head>
    <title>Twitter OAuth in PHP</title>
  </head>
  <body>
    <h2>Welcome to a Twitter OAuth PHP example.</h2>
    <p>This site is a basic showcase of Twitters new OAuth authentication method. Everything is saved in sessions. If you want to start over <a href="<?php echo $_SERVER['PHP_SELF']?>?test=clear">clear sessions</a>.</p>
    <p>Consumer Key: <input type="text" size="60" value="<?php echo $consumer_key?>" onfocus="this.select()" /><br />
      Consumer Secret: <input type="text" size="60" value="<?php echo $consumer_secret?>" onfocus="this.select()" /><br />
      Access Token: <input type="text" size="60" value="<?php echo $_SESSION['oauth_access_token']?>" onfocus="this.select()" /><br />
      Access Token Secret: <input type="text" size="60" value="<?php echo $_SESSION['oauth_access_token_secret']?>" onfocus="this.select()" />
    </p>
    <p>
      Get the code powering this at <a href="http://github.com/abraham/twitteroauth">http://github.com/abraham/twitteroauth</a><br />
      Read the documentation at <a href="https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4">https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4</a>
    </p>
    <p><pre><?php print_r($content); ?></pre></p>
  </body>
 </html>
diff --git a/post_test.php b/post_test.php
 <?php

 // oauthで投稿テスト

 require_once 'twitterOAuth.php';

 $consumer_key        = 'あなたのコンシューマキー';
 $consumer_secret     = 'あなたのコンシューマシークレット';
 $access_token        = 'あなたのアクセストークン';
 $access_token_secret = 'あなたのアクセストークンシークレット';
 $message = 'テストほげほげ';

 $obj = new TwitterOAuth(
  $consumer_key,
  $consumer_secret,
  $access_token,
  $access_token_secret
 );

 $req = $obj->OAuthRequest('https://twitter.com/statuses/update.xml', array('status'=>$message), 'POST');
 print_r($req);

diff --git a/twitterOAuth.php b/twitterOAuth.php
 <?php
 /*
 * Abraham Williams ([email protected]) http://abrah.am
 *
 * Basic lib to work with Twitter's OAuth beta. This is untested and should not
 * be used in production code. Twitter's beta could change at anytime.
 *
 * Code based on:
 * Fire Eagle code - http://github.com/myelin/fireeagle-php-lib
 * twitterlibphp - http://github.com/poseurtech/twitterlibphp
 */

 /* Load OAuth lib. You can find it at http://oauth.net */
 require_once('OAuth.php');

 /**
 * Twitter OAuth class
 */
 class TwitterOAuth {/*{{{*/
  /* Contains the last HTTP status code returned */
  private $http_status;

  /* Contains the last API call */
  private $last_api_call;

  /* Set up the API root URL */
  public static $TO_API_ROOT = "https://twitter.com";

  /**
   * Set API URLS
   */
  function requestTokenURL() { return self::$TO_API_ROOT.'/oauth/request_token'; }
  function authorizeURL() { return self::$TO_API_ROOT.'/oauth/authorize'; }
  function accessTokenURL() { return self::$TO_API_ROOT.'/oauth/access_token'; }

  /**
   * Debug helpers
   */
  function lastStatusCode() { return $this->http_status; }
  function lastAPICall() { return $this->last_api_call; }

  /**
   * construct TwitterOAuth object
   */
  function __construct($consumer_key, $consumer_secret, $oauth_token = NULL, $oauth_token_secret = NULL) {/*{{{*/
    $this->sha1_method = new OAuthSignatureMethod_HMAC_SHA1();
    $this->consumer = new OAuthConsumer($consumer_key, $consumer_secret);
    if (!empty($oauth_token) && !empty($oauth_token_secret)) {
      $this->token = new OAuthConsumer($oauth_token, $oauth_token_secret);
    } else {
      $this->token = NULL;
    }
  }/*}}}*/


  /**
   * Get a request_token from Twitter
   *
   * @returns a key/value array containing oauth_token and oauth_token_secret
   */
  function getRequestToken() {/*{{{*/
    $r = $this->oAuthRequest($this->requestTokenURL());
    $token = $this->oAuthParseResponse($r);
    $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
    return $token;
  }/*}}}*/

  /**
   * Parse a URL-encoded OAuth response
   *
   * @return a key/value array
   */
  function oAuthParseResponse($responseString) {
    $r = array();
    foreach (explode('&', $responseString) as $param) {
      $pair = explode('=', $param, 2);
      if (count($pair) != 2) continue;
      $r[urldecode($pair[0])] = urldecode($pair[1]);
    }
    return $r;
  }

  /**
   * Get the authorize URL
   *
   * @returns a string
   */
  function getAuthorizeURL($token) {/*{{{*/
    if (is_array($token)) $token = $token['oauth_token'];
    return $this->authorizeURL() . '?oauth_token=' . $token;
  }/*}}}*/

  /**
   * Exchange the request token and secret for an access token and
   * secret, to sign API calls.
   *
   * @returns array("oauth_token" => the access token,
   *                "oauth_token_secret" => the access secret)
   */
  function getAccessToken($token = NULL) {/*{{{*/
    $r = $this->oAuthRequest($this->accessTokenURL());
    $token = $this->oAuthParseResponse($r);
    $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
    return $token;
  }/*}}}*/

  /**
   * Format and sign an OAuth / API request
   */
  function oAuthRequest($url, $args = array(), $method = NULL) {/*{{{*/
    if (empty($method)) $method = empty($args) ? "GET" : "POST";
    $req = OAuthRequest::from_consumer_and_token($this->consumer, $this->token, $method, $url, $args);
    $req->sign_request($this->sha1_method, $this->consumer, $this->token);
    switch ($method) {
    case 'GET': return $this->http($req->to_url());
    case 'POST': return $this->http($req->get_normalized_http_url(), $req->to_postdata());
    }
  }/*}}}*/

  /**
   * Make an HTTP request
   *
   * @return API results
   */
  function http($url, $post_data = null) {/*{{{*/
    $ch = curl_init();
    if (defined("CURL_CA_BUNDLE_PATH")) curl_setopt($ch, CURLOPT_CAINFO, CURL_CA_BUNDLE_PATH);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    //////////////////////////////////////////////////
    ///// Set to 1 to verify Twitter's SSL Cert //////
    //////////////////////////////////////////////////
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    if (isset($post_data)) {
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    }
    $response = curl_exec($ch);
    $this->http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $this->last_api_call = $url;
    curl_close ($ch);
    return $response;
  }/*}}}*/
 }/*}}}*/
	<?php
	// vim: foldmethod=marker

	ini_set('display_errors', 'off'); // エラー表示させないようにしとく

	/* Generic exception class
	*/
	class OAuthException extends Exception {/{{{/
	// pass
	}/}}}/

	class OAuthConsumer {/{{{/
	public $key;
	public $secret;

	function __construct($key, $secret, $callback_url=NULL) {/{{{/
	$this->key = $key;
	$this->secret = $secret;
	$this->callback_url = $callback_url;
	}/}}}/

	function __toString() {/{{{/
	return "OAuthConsumer[key=$this->key,secret=$this->secret]";
	}/}}}/
	}/}}}/

	class OAuthToken {/{{{/
	// access tokens and request tokens
	public $key;
	public $secret;

	/**
	* key = the token
	* secret = the token secret
	*/
	function __construct($key, $secret) {/{{{/
	$this->key = $key;
	$this->secret = $secret;
	}/}}}/

	/**
	* generates the basic string serialization of a token that a server
	* would respond to request_token and access_token calls with
	*/
	function to_string() {/{{{/
	return "oauth_token=" . OAuthUtil::urlencode_rfc3986($this->key) .
	"&oauth_token_secret=" . OAuthUtil::urlencode_rfc3986($this->secret);
	}/}}}/

	function __toString() {/{{{/
	return $this->to_string();
	}/}}}/
	}/}}}/

	class OAuthSignatureMethod {/{{{/
	public function check_signature(&$request, $consumer, $token, $signature) {
	$built = $this->build_signature($request, $consumer, $token);
	return $built == $signature;
	}
	}/}}}/

	class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {/{{{/
	function get_name() {/{{{/
	return "HMAC-SHA1";
	}/}}}/

	public function build_signature($request, $consumer, $token) {/{{{/
	$base_string = $request->get_signature_base_string();
	$request->base_string = $base_string;

	$key_parts = array(
	$consumer->secret,
	($token) ? $token->secret : ""
	);

	$key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
	$key = implode('&', $key_parts);

	return base64_encode( hash_hmac('sha1', $base_string, $key, true));
	}/}}}/
	}/}}}/

	class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {/{{{/
	public function get_name() {/{{{/
	return "PLAINTEXT";
	}/}}}/

	public function build_signature($request, $consumer, $token) {/{{{/
	$sig = array(
	OAuthUtil::urlencode_rfc3986($consumer->secret)
	);

	if ($token) {
	array_push($sig, OAuthUtil::urlencode_rfc3986($token->secret));
	} else {
	array_push($sig, '');
	}

	$raw = implode("&", $sig);
	// for debug purposes
	$request->base_string = $raw;

	return OAuthUtil::urlencode_rfc3986($raw);
	}/}}}/
	}/}}}/

	class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {/{{{/
	public function get_name() {/{{{/
	return "RSA-SHA1";
	}/}}}/

	protected function fetch_public_cert(&$request) {/{{{/
	// not implemented yet, ideas are:
	// (1) do a lookup in a table of trusted certs keyed off of consumer
	// (2) fetch via http using a url provided by the requester
	// (3) some sort of specific discovery code based on request
	//
	// either way should return a string representation of the certificate
	throw Exception("fetch_public_cert not implemented");
	}/}}}/

	protected function fetch_private_cert(&$request) {/{{{/
	// not implemented yet, ideas are:
	// (1) do a lookup in a table of trusted certs keyed off of consumer
	//
	// either way should return a string representation of the certificate
	throw Exception("fetch_private_cert not implemented");
	}/}}}/

	public function build_signature(&$request, $consumer, $token) {/{{{/
	$base_string = $request->get_signature_base_string();
	$request->base_string = $base_string;

	// Fetch the private key cert based on the request
	$cert = $this->fetch_private_cert($request);

	// Pull the private key ID from the certificate
	$privatekeyid = openssl_get_privatekey($cert);

	// Sign using the key
	$ok = openssl_sign($base_string, $signature, $privatekeyid);

	// Release the key resource
	openssl_free_key($privatekeyid);

	return base64_encode($signature);
	} /}}}/

	public function check_signature(&$request, $consumer, $token, $signature) {/{{{/
	$decoded_sig = base64_decode($signature);

	$base_string = $request->get_signature_base_string();

	// Fetch the public key cert based on the request
	$cert = $this->fetch_public_cert($request);

	// Pull the public key ID from the certificate
	$publickeyid = openssl_get_publickey($cert);

	// Check the computed signature against the one passed in the query
	$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);

	// Release the key resource
	openssl_free_key($publickeyid);

	return $ok == 1;
	} /}}}/
	}/}}}/

	class OAuthRequest {/{{{/
	private $parameters;
	private $http_method;
	private $http_url;
	// for debug purposes
	public $base_string;
	public static $version = '1.0';

	function __construct($http_method, $http_url, $parameters=NULL) {/{{{/
	@$parameters or $parameters = array();
	$this->parameters = $parameters;
	$this->http_method = $http_method;
	$this->http_url = $http_url;
	}/}}}/


	/**
	* attempt to build up a request from what was passed to the server
	*/
	public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {/{{{/
	$scheme = (!isset($_SERVER['HTTPS']) \|\| $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
	@$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
	@$http_method or $http_method = $_SERVER['REQUEST_METHOD'];

	$request_headers = OAuthRequest::get_headers();

	// let the library user override things however they'd like, if they know
	// which parameters to use then go for it, for example XMLRPC might want to
	// do this
	if ($parameters) {
	$req = new OAuthRequest($http_method, $http_url, $parameters);
	} else {
	// collect request parameters from query string (GET) and post-data (POST) if appropriate (note: POST vars have priority)
	$req_parameters = $_GET;
	if ($http_method == "POST" && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded") ) {
	$req_parameters = array_merge($req_parameters, $_POST);
	}

	// next check for the auth header, we need to do some extra stuff
	// if that is the case, namely suck in the parameters from GET or POST
	// so that we can include them in the signature
	if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
	$header_parameters = OAuthRequest::split_header($request_headers['Authorization']);
	$parameters = array_merge($req_parameters, $header_parameters);
	$req = new OAuthRequest($http_method, $http_url, $parameters);
	} else $req = new OAuthRequest($http_method, $http_url, $req_parameters);
	}

	return $req;
	}/}}}/

	/**
	* pretty much a helper function to set up the request
	*/
	public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {/{{{/
	@$parameters or $parameters = array();
	$defaults = array("oauth_version" => OAuthRequest::$version,
	"oauth_nonce" => OAuthRequest::generate_nonce(),
	"oauth_timestamp" => OAuthRequest::generate_timestamp(),
	"oauth_consumer_key" => $consumer->key);
	$parameters = array_merge($defaults, $parameters);

	if ($token) {
	$parameters['oauth_token'] = $token->key;
	}
	return new OAuthRequest($http_method, $http_url, $parameters);
	}/}}}/

	public function set_parameter($name, $value) {/{{{/
	$this->parameters[$name] = $value;
	}/}}}/

	public function get_parameter($name) {/{{{/
	return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
	}/}}}/

	public function get_parameters() {/{{{/
	return $this->parameters;
	}/}}}/

	/**
	* Returns the normalized parameters of the request
	*
	* This will be all (except oauth_signature) parameters,
	* sorted first by key, and if duplicate keys, then by
	* value.
	*
	* The returned string will be all the key=value pairs
	* concated by &.
	*
	* @return string
	*/
	public function get_signable_parameters() {/{{{/
	// Grab all parameters
	$params = $this->parameters;

	// Remove oauth_signature if present
	if (isset($params['oauth_signature'])) {
	unset($params['oauth_signature']);
	}

	// Urlencode both keys and values
	$keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
	$values = OAuthUtil::urlencode_rfc3986(array_values($params));
	$params = array_combine($keys, $values);

	// Sort by keys (natsort)
	uksort($params, 'strcmp');

	// Generate key=value pairs
	$pairs = array();
	foreach ($params as $key=>$value ) {
	if (is_array($value)) {
	// If the value is an array, it's because there are multiple
	// with the same key, sort them, then add all the pairs
	natsort($value);
	foreach ($value as $v2) {
	$pairs[] = $key . '=' . $v2;
	}
	} else {
	$pairs[] = $key . '=' . $value;
	}
	}

	// Return the pairs, concated with &
	return implode('&', $pairs);
	}/}}}/

	/**
	* Returns the base string of this request
	*
	* The base string defined as the method, the url
	* and the parameters (normalized), each urlencoded
	* and the concated with &.
	*/
	public function get_signature_base_string() {/{{{/
	$parts = array(
	$this->get_normalized_http_method(),
	$this->get_normalized_http_url(),
	$this->get_signable_parameters()
	);

	$parts = OAuthUtil::urlencode_rfc3986($parts);

	return implode('&', $parts);
	}/}}}/

	/**
	* just uppercases the http method
	*/
	public function get_normalized_http_method() {/{{{/
	return strtoupper($this->http_method);
	}/}}}/

	/**
	* parses the url and rebuilds it to be
	* scheme://host/path
	*/
	public function get_normalized_http_url() {/{{{/
	$parts = parse_url($this->http_url);

	$port = @$parts['port'];
	$scheme = $parts['scheme'];
	$host = $parts['host'];
	$path = @$parts['path'];

	$port or $port = ($scheme == 'https') ? '443' : '80';

	if (($scheme == 'https' && $port != '443')
	\|\| ($scheme == 'http' && $port != '80')) {
	$host = "$host:$port";
	}
	return "$scheme://$host$path";
	}/}}}/

	/**
	* builds a url usable for a GET request
	*/
	public function to_url() {/{{{/
	$out = $this->get_normalized_http_url() . "?";
	$out .= $this->to_postdata();
	return $out;
	}/}}}/

	/**
	* builds the data one would send in a POST request
	*
	* TODO(morten.fangel):
	* this function might be easily replaced with http_build_query()
	* and corrections for rfc3986 compatibility.. but not sure
	*/
	public function to_postdata() {/{{{/
	$total = array();
	foreach ($this->parameters as $k => $v) {
	if (is_array($v)) {
	foreach ($v as $va) {
	$total[] = OAuthUtil::urlencode_rfc3986($k) . "[]=" . OAuthUtil::urlencode_rfc3986($va);
	}
	} else {
	$total[] = OAuthUtil::urlencode_rfc3986($k) . "=" . OAuthUtil::urlencode_rfc3986($v);
	}
	}
	$out = implode("&", $total);
	return $out;
	}/}}}/

	/**
	* builds the Authorization: header
	*/
	public function to_header() {/{{{/
	$out ='Authorization: OAuth realm=""';
	$total = array();
	foreach ($this->parameters as $k => $v) {
	if (substr($k, 0, 5) != "oauth") continue;
	if (is_array($v)) throw new OAuthException('Arrays not supported in headers');
	$out .= ',' . OAuthUtil::urlencode_rfc3986($k) . '="' . OAuthUtil::urlencode_rfc3986($v) . '"';
	}
	return $out;
	}/}}}/

	public function __toString() {/{{{/
	return $this->to_url();
	}/}}}/


	public function sign_request($signature_method, $consumer, $token) {/{{{/
	$this->set_parameter("oauth_signature_method", $signature_method->get_name());
	$signature = $this->build_signature($signature_method, $consumer, $token);
	$this->set_parameter("oauth_signature", $signature);
	}/}}}/

	public function build_signature($signature_method, $consumer, $token) {/{{{/
	$signature = $signature_method->build_signature($this, $consumer, $token);
	return $signature;
	}/}}}/

	/**
	* util function: current timestamp
	*/
	private static function generate_timestamp() {/{{{/
	return time();
	}/}}}/

	/**
	* util function: current nonce
	*/
	private static function generate_nonce() {/{{{/
	$mt = microtime();
	$rand = mt_rand();

	return md5($mt . $rand); // md5s look nicer than numbers
	}/}}}/

	/**
	* util function for turning the Authorization: header into
	* parameters, has to do some unescaping
	*/
	private static function split_header($header) {/{{{/
	$pattern = '/(([-_a-z])=("([^"])"\|([^,]*)),?)/';
	$offset = 0;
	$params = array();
	while (preg_match($pattern, $header, $matches, PREG_OFFSET_CAPTURE, $offset) > 0) {
	$match = $matches[0];
	$header_name = $matches[2][0];
	$header_content = (isset($matches[5])) ? $matches[5][0] : $matches[4][0];
	$params[$header_name] = OAuthUtil::urldecode_rfc3986( $header_content );
	$offset = $match[1] + strlen($match[0]);
	}

	if (isset($params['realm'])) {
	unset($params['realm']);
	}

	return $params;
	}/}}}/

	/**
	* helper to try to sort out headers for people who aren't running apache
	*/
	private static function get_headers() {/{{{/
	if (function_exists('apache_request_headers')) {
	// we need this to get the actual Authorization: header
	// because apache tends to tell us it doesn't exist
	return apache_request_headers();
	}
	// otherwise we don't have apache and are just going to have to hope
	// that $_SERVER actually contains what we need
	$out = array();
	foreach ($_SERVER as $key => $value) {
	if (substr($key, 0, 5) == "HTTP_") {
	// this is chaos, basically it is just there to capitalize the first
	// letter of every word that is not an initial HTTP and strip HTTP
	// code from przemek
	$key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
	$out[$key] = $value;
	}
	}
	return $out;
	}/}}}/
	}/}}}/

	class OAuthServer {/{{{/
	protected $timestamp_threshold = 300; // in seconds, five minutes
	protected $version = 1.0; // hi blaine
	protected $signature_methods = array();

	protected $data_store;

	function __construct($data_store) {/{{{/
	$this->data_store = $data_store;
	}/}}}/

	public function add_signature_method($signature_method) {/{{{/
	$this->signature_methods[$signature_method->get_name()] =
	$signature_method;
	}/}}}/

	// high level functions

	/**
	* process a request_token request
	* returns the request token on success
	*/
	public function fetch_request_token(&$request) {/{{{/
	$this->get_version($request);

	$consumer = $this->get_consumer($request);

	// no token required for the initial token request
	$token = NULL;

	$this->check_signature($request, $consumer, $token);

	$new_token = $this->data_store->new_request_token($consumer);

	return $new_token;
	}/}}}/

	/**
	* process an access_token request
	* returns the access token on success
	*/
	public function fetch_access_token(&$request) {/{{{/
	$this->get_version($request);

	$consumer = $this->get_consumer($request);

	// requires authorized request token
	$token = $this->get_token($request, $consumer, "request");


	$this->check_signature($request, $consumer, $token);

	$new_token = $this->data_store->new_access_token($token, $consumer);

	return $new_token;
	}/}}}/

	/**
	* verify an api call, checks all the parameters
	*/
	public function verify_request(&$request) {/{{{/
	$this->get_version($request);
	$consumer = $this->get_consumer($request);
	$token = $this->get_token($request, $consumer, "access");
	$this->check_signature($request, $consumer, $token);
	return array($consumer, $token);
	}/}}}/

	// Internals from here
	/**
	* version 1
	*/
	private function get_version(&$request) {/{{{/
	$version = $request->get_parameter("oauth_version");
	if (!$version) {
	$version = 1.0;
	}
	if ($version && $version != $this->version) {
	throw new OAuthException("OAuth version '$version' not supported");
	}
	return $version;
	}/}}}/

	/**
	* figure out the signature with some defaults
	*/
	private function get_signature_method(&$request) {/{{{/
	$signature_method =
	@$request->get_parameter("oauth_signature_method");
	if (!$signature_method) {
	$signature_method = "PLAINTEXT";
	}
	if (!in_array($signature_method,
	array_keys($this->signature_methods))) {
	throw new OAuthException(
	"Signature method '$signature_method' not supported try one of the following: " . implode(", ", array_keys($this->signature_methods))
	);
	}
	return $this->signature_methods[$signature_method];
	}/}}}/

	/**
	* try to find the consumer for the provided request's consumer key
	*/
	private function get_consumer(&$request) {/{{{/
	$consumer_key = @$request->get_parameter("oauth_consumer_key");
	if (!$consumer_key) {
	throw new OAuthException("Invalid consumer key");
	}

	$consumer = $this->data_store->lookup_consumer($consumer_key);
	if (!$consumer) {
	throw new OAuthException("Invalid consumer");
	}

	return $consumer;
	}/}}}/

	/**
	* try to find the token for the provided request's token key
	*/
	private function get_token(&$request, $consumer, $token_type="access") {/{{{/
	$token_field = @$request->get_parameter('oauth_token');
	$token = $this->data_store->lookup_token(
	$consumer, $token_type, $token_field
	);
	if (!$token) {
	throw new OAuthException("Invalid $token_type token: $token_field");
	}
	return $token;
	}/}}}/

	/**
	* all-in-one function to check the signature on a request
	* should guess the signature method appropriately
	*/
	private function check_signature(&$request, $consumer, $token) {/{{{/
	// this should probably be in a different method
	$timestamp = @$request->get_parameter('oauth_timestamp');
	$nonce = @$request->get_parameter('oauth_nonce');

	$this->check_timestamp($timestamp);
	$this->check_nonce($consumer, $token, $nonce, $timestamp);

	$signature_method = $this->get_signature_method($request);

	$signature = $request->get_parameter('oauth_signature');
	$valid_sig = $signature_method->check_signature(
	$request,
	$consumer,
	$token,
	$signature
	);

	if (!$valid_sig) {
	throw new OAuthException("Invalid signature");
	}
	}/}}}/

	/**
	* check that the timestamp is new enough
	*/
	private function check_timestamp($timestamp) {/{{{/
	// verify that timestamp is recentish
	$now = time();
	if ($now - $timestamp > $this->timestamp_threshold) {
	throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
	}
	}/}}}/

	/**
	* check that the nonce is not repeated
	*/
	private function check_nonce($consumer, $token, $nonce, $timestamp) {/{{{/
	// verify that the nonce is uniqueish
	$found = $this->data_store->lookup_nonce($consumer, $token, $nonce, $timestamp);
	if ($found) {
	throw new OAuthException("Nonce already used: $nonce");
	}
	}/}}}/



	}/}}}/

	class OAuthDataStore {/{{{/
	function lookup_consumer($consumer_key) {/{{{/
	// implement me
	}/}}}/

	function lookup_token($consumer, $token_type, $token) {/{{{/
	// implement me
	}/}}}/

	function lookup_nonce($consumer, $token, $nonce, $timestamp) {/{{{/
	// implement me
	}/}}}/

	function new_request_token($consumer) {/{{{/
	// return a new token attached to this consumer
	}/}}}/

	function new_access_token($token, $consumer) {/{{{/
	// return a new access token attached to this consumer
	// for the user associated with this token if the request token
	// is authorized
	// should also invalidate the request token
	}/}}}/

	}/}}}/


	/* A very naive dbm-based oauth storage
	*/
	class SimpleOAuthDataStore extends OAuthDataStore {/{{{/
	private $dbh;

	function __construct($path = "oauth.gdbm") {/{{{/
	$this->dbh = dba_popen($path, 'c', 'gdbm');
	}/}}}/

	function __destruct() {/{{{/
	dba_close($this->dbh);
	}/}}}/

	function lookup_consumer($consumer_key) {/{{{/
	$rv = dba_fetch("consumer_$consumer_key", $this->dbh);
	if ($rv === FALSE) {
	return NULL;
	}
	$obj = unserialize($rv);
	if (!($obj instanceof OAuthConsumer)) {
	return NULL;
	}
	return $obj;
	}/}}}/

	function lookup_token($consumer, $token_type, $token) {/{{{/
	$rv = dba_fetch("${token_type}_${token}", $this->dbh);
	if ($rv === FALSE) {
	return NULL;
	}
	$obj = unserialize($rv);
	if (!($obj instanceof OAuthToken)) {
	return NULL;
	}
	return $obj;
	}/}}}/

	function lookup_nonce($consumer, $token, $nonce, $timestamp) {/{{{/
	if (dba_exists("nonce_$nonce", $this->dbh)) {
	return TRUE;
	} else {
	dba_insert("nonce_$nonce", "1", $this->dbh);
	return FALSE;
	}
	}/}}}/

	function new_token($consumer, $type="request") {/{{{/
	$key = md5(time());
	$secret = time() + time();
	$token = new OAuthToken($key, md5(md5($secret)));
	if (!dba_insert("${type}_$key", serialize($token), $this->dbh)) {
	throw new OAuthException("doooom!");
	}
	return $token;
	}/}}}/

	function new_request_token($consumer) {/{{{/
	return $this->new_token($consumer, "request");
	}/}}}/

	function new_access_token($token, $consumer) {/{{{/

	$token = $this->new_token($consumer, 'access');
	dba_delete("request_" . $token->key, $this->dbh);
	return $token;
	}/}}}/
	}/}}}/

	class OAuthUtil {/{{{/
	public static function urlencode_rfc3986($input) {/{{{/
	if (is_array($input)) {
	return array_map(array('OAuthUtil','urlencode_rfc3986'), $input);
	} else if (is_scalar($input)) {
	return str_replace('+', ' ',
	str_replace('%7E', '~', rawurlencode($input)));
	} else {
	return '';
	}
	}/}}}/


	// This decode function isn't taking into consideration the above
	// modifications to the encoding process. However, this method doesn't
	// seem to be used anywhere so leaving it as is.
	public static function urldecode_rfc3986($string) {/{{{/
	return rawurldecode($string);
	}/}}}/
	}/}}}/
	<?php
	// require twitterOAuth lib
	require_once('twitterOAuth.php');

	/* Sessions are used to keep track of tokens while user authenticates with twitter */
	session_start();

	/* Consumer key from twitter */
	$consumer_key = 'あなたのコンシューマキー';

	/* Consumer Secret from twitter */
	$consumer_secret = 'あなたのコンシューマシークレット';

	/* Set up placeholder */
	$content = NULL;

	/* Set state if previous session */
	$state = $_SESSION['oauth_state'];

	/* Checks if oauth_token is set from returning from twitter */
	$session_token = $_SESSION['oauth_request_token'];

	/* Checks if oauth_token is set from returning from twitter */

	$oauth_token = $_REQUEST['oauth_token'];

	/* Set section var */
	$section = $_REQUEST['section'];

	/* Clear PHP sessions */
	if ($_REQUEST['test'] === 'clear') {/{{{/
	session_destroy();
	session_start();
	}/}}}/

	/* If oauth_token is missing get it */
	if ($_REQUEST['oauth_token'] != NULL && $_SESSION['oauth_state'] === 'start') {/{{{/
	$_SESSION['oauth_state'] = $state = 'returned';
	}/}}}/

	/*
	* Switch based on where in the process you are
	*
	* 'default': Get a request token from twitter for new user
	* 'returned': The user has authorize the app on twitter
	*/
	switch ($state) {/{{{/
	default:
	/* Create TwitterOAuth object with app key/secret */
	$to = new TwitterOAuth($consumer_key, $consumer_secret);
	/* Request tokens from twitter */
	$tok = $to->getRequestToken();

	/* Save tokens for later */
	$_SESSION['oauth_request_token'] = $token = $tok['oauth_token'];
	$_SESSION['oauth_request_token_secret'] = $tok['oauth_token_secret'];
	$_SESSION['oauth_state'] = "start";

	/* Build the authorization URL */
	$request_link = $to->getAuthorizeURL($token);

	/* Build link that gets user to twitter to authorize the app */
	$content = 'Click on the link to go to twitter to authorize your account.';
	$content .= '<br /><a href="'.$request_link.'">'.$request_link.'</a>';
	break;
	case 'returned':
	/* If the access tokens are already set skip to the API call */
	if ($_SESSION['oauth_access_token'] === NULL && $_SESSION['oauth_access_token_secret'] === NULL) {
	/* Create TwitterOAuth object with app key/secret and token key/secret from default phase */
	$to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_request_token'], $_SESSION['oauth_request_token_secret']);
	/* Request access tokens from twitter */
	$tok = $to->getAccessToken();

	/* Save the access tokens. Normally these would be saved in a database for future use. */
	$_SESSION['oauth_access_token'] = $tok['oauth_token'];
	$_SESSION['oauth_access_token_secret'] = $tok['oauth_token_secret'];
	}
	/* Random copy */
	$content = 'your account should now be registered with twitter. Check here:<br />';
	$content .= '<a href="https://twitter.com/account/connections">https://twitter.com/account/connections</a>';

	/* Create TwitterOAuth with app key/secret and user access key/secret */
	$to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_access_token'], $_SESSION['oauth_access_token_secret']);
	/* Run request on twitter API as user. */
	$content = $to->OAuthRequest('https://twitter.com/account/verify_credentials.xml', array(), 'GET');
	//$content = $to->OAuthRequest('https://twitter.com/statuses/update.xml', array('status' => 'Test OAuth update.'), 'POST');
	//$content = $to->OAuthRequest('https://twitter.com/statuses/replies.xml', array(), 'POST');
	break;
	}/}}}/
	?>
	<html>
	<head>
	<title>Twitter OAuth in PHP</title>
	</head>
	<body>
	<h2>Welcome to a Twitter OAuth PHP example.</h2>
	<p>This site is a basic showcase of Twitters new OAuth authentication method. Everything is saved in sessions. If you want to start over <a href="<?php echo $_SERVER['PHP_SELF']?>?test=clear">clear sessions</a>.</p>
	<p>Consumer Key: <input type="text" size="60" value="<?php echo $consumer_key?>" onfocus="this.select()" /><br />
	Consumer Secret: <input type="text" size="60" value="<?php echo $consumer_secret?>" onfocus="this.select()" /><br />
	Access Token: <input type="text" size="60" value="<?php echo $_SESSION['oauth_access_token']?>" onfocus="this.select()" /><br />
	Access Token Secret: <input type="text" size="60" value="<?php echo $_SESSION['oauth_access_token_secret']?>" onfocus="this.select()" />
	</p>
	<p>
	Get the code powering this at <a href="http://github.com/abraham/twitteroauth">http://github.com/abraham/twitteroauth</a><br />
	Read the documentation at <a href="https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4">https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4</a>
	</p>
	<p><pre><?php print_r($content); ?></pre></p>
	</body>
	</html>
	<?php

	// oauthで投稿テスト

	require_once 'twitterOAuth.php';

	$consumer_key = 'あなたのコンシューマキー';
	$consumer_secret = 'あなたのコンシューマシークレット';
	$access_token = 'あなたのアクセストークン';
	$access_token_secret = 'あなたのアクセストークンシークレット';
	$message = 'テストほげほげ';

	$obj = new TwitterOAuth(
	$consumer_key,
	$consumer_secret,
	$access_token,
	$access_token_secret
	);

	$req = $obj->OAuthRequest('https://twitter.com/statuses/update.xml', array('status'=>$message), 'POST');
	print_r($req);
	<?php
	/*
	* Abraham Williams ([email protected]) http://abrah.am
	*
	* Basic lib to work with Twitter's OAuth beta. This is untested and should not
	* be used in production code. Twitter's beta could change at anytime.
	*
	* Code based on:
	* Fire Eagle code - http://github.com/myelin/fireeagle-php-lib
	* twitterlibphp - http://github.com/poseurtech/twitterlibphp
	*/

	/* Load OAuth lib. You can find it at http://oauth.net */
	require_once('OAuth.php');

	/**
	* Twitter OAuth class
	*/
	class TwitterOAuth {/{{{/
	/* Contains the last HTTP status code returned */
	private $http_status;

	/* Contains the last API call */
	private $last_api_call;

	/* Set up the API root URL */
	public static $TO_API_ROOT = "https://twitter.com";

	/**
	* Set API URLS
	*/
	function requestTokenURL() { return self::$TO_API_ROOT.'/oauth/request_token'; }
	function authorizeURL() { return self::$TO_API_ROOT.'/oauth/authorize'; }
	function accessTokenURL() { return self::$TO_API_ROOT.'/oauth/access_token'; }

	/**
	* Debug helpers
	*/
	function lastStatusCode() { return $this->http_status; }
	function lastAPICall() { return $this->last_api_call; }

	/**
	* construct TwitterOAuth object
	*/
	function __construct($consumer_key, $consumer_secret, $oauth_token = NULL, $oauth_token_secret = NULL) {/{{{/
	$this->sha1_method = new OAuthSignatureMethod_HMAC_SHA1();
	$this->consumer = new OAuthConsumer($consumer_key, $consumer_secret);
	if (!empty($oauth_token) && !empty($oauth_token_secret)) {
	$this->token = new OAuthConsumer($oauth_token, $oauth_token_secret);
	} else {
	$this->token = NULL;
	}
	}/}}}/


	/**
	* Get a request_token from Twitter
	*
	* @returns a key/value array containing oauth_token and oauth_token_secret
	*/
	function getRequestToken() {/{{{/
	$r = $this->oAuthRequest($this->requestTokenURL());
	$token = $this->oAuthParseResponse($r);
	$this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
	return $token;
	}/}}}/

	/**
	* Parse a URL-encoded OAuth response
	*
	* @return a key/value array
	*/
	function oAuthParseResponse($responseString) {
	$r = array();
	foreach (explode('&', $responseString) as $param) {
	$pair = explode('=', $param, 2);
	if (count($pair) != 2) continue;
	$r[urldecode($pair[0])] = urldecode($pair[1]);
	}
	return $r;
	}

	/**
	* Get the authorize URL
	*
	* @returns a string
	*/
	function getAuthorizeURL($token) {/{{{/
	if (is_array($token)) $token = $token['oauth_token'];
	return $this->authorizeURL() . '?oauth_token=' . $token;
	}/}}}/

	/**
	* Exchange the request token and secret for an access token and
	* secret, to sign API calls.
	*
	* @returns array("oauth_token" => the access token,
	* "oauth_token_secret" => the access secret)
	*/
	function getAccessToken($token = NULL) {/{{{/
	$r = $this->oAuthRequest($this->accessTokenURL());
	$token = $this->oAuthParseResponse($r);
	$this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
	return $token;
	}/}}}/

	/**
	* Format and sign an OAuth / API request
	*/
	function oAuthRequest($url, $args = array(), $method = NULL) {/{{{/
	if (empty($method)) $method = empty($args) ? "GET" : "POST";
	$req = OAuthRequest::from_consumer_and_token($this->consumer, $this->token, $method, $url, $args);
	$req->sign_request($this->sha1_method, $this->consumer, $this->token);
	switch ($method) {
	case 'GET': return $this->http($req->to_url());
	case 'POST': return $this->http($req->get_normalized_http_url(), $req->to_postdata());
	}
	}/}}}/

	/**
	* Make an HTTP request
	*
	* @return API results
	*/
	function http($url, $post_data = null) {/{{{/
	$ch = curl_init();
	if (defined("CURL_CA_BUNDLE_PATH")) curl_setopt($ch, CURLOPT_CAINFO, CURL_CA_BUNDLE_PATH);
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
	curl_setopt($ch, CURLOPT_TIMEOUT, 30);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	//////////////////////////////////////////////////
	///// Set to 1 to verify Twitter's SSL Cert //////
	//////////////////////////////////////////////////
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	if (isset($post_data)) {
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
	}
	$response = curl_exec($ch);
	$this->http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	$this->last_api_call = $url;
	curl_close ($ch);
	return $response;
	}/}}}/
	}/}}}/