> Spent the day trying to get OAuth working with PHP, curse August the > 31st, first time I've heard of it, etc,etc. Anyhow I need some help to > see where I'm going wrong with this code to retireve the auth token > Please... > > <?php > function CalcHmacSha1($data,$key) { > > $blocksize = 64; > $hashfunc = 'sha1'; > if (strlen($key) > $blocksize) { > $key = pack('H*', $hashfunc($key)); > } > $key = str_pad($key, $blocksize, chr(0x00)); > $ipad = str_repeat(chr(0x36), $blocksize); > $opad = str_repeat(chr(0x5c), $blocksize); > $hmac = pack( > 'H*', $hashfunc( > ($key^$opad).pack( > 'H*', $hashfunc( > ($key^$ipad).$data > ) > ) > ) > ); > return $hmac; > }
Tom already pointed out that PHP does this for you, but for purposes of education, I think your $hmac = pack(... line is wrong. You're prepacking the result of ($key^$ipad).$data, which is changing the output. Try something like > $hmac = pack( > 'H*', $hashfunc( > ($key^$opad). > $hashfunc( > ($key^$ipad).$data > ) > ) > ); Notice only one pack operation, at top level. This assumes that your SHA-1 is also emitting correct output; watch out for 64-bit systems. (from a fellow reinventor of the wheel) -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Today's forecast is total crap! -- Strong Bad, "Homestar Runner" Menu #11 -- -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en