Looks like Gritty’s is up in Bangor today at Hannaford (Union Street) promoting their beers. Yay! About time. I snagged a coaster and bottle opener. When I told the rep I was brewing today he said “Oh, cool. You should have a Gritty’s while you brew.” I was sad to tell him I was drinking Sam Adams’ Imperial White today…sorry Gritty’s…
I have been working on a Twitter service as of late and ran into a problem that I am sure others have as well and ended up solving it in their own way. However, after searching high and low on the Internet for an elegant solution, I came up with nothing and found I was on my own. This post is for those of you who are, or will be, using Zend_Service_Twitter and need Twitter users to grant your application access to their account information in a secure way.
The project I am working on requires that users allow my Twitter service to access their account information. The only reason I require this is because this service makes several API requests over the course of time, and instead of having users use up all of my allotted API service requests, I use their’s instead, It’s a little more complicated than that, and a full explanation falls outside the scope of this post. All you need to keep in mind for this post is that I need to have access to their account so API calls are counted on their behalf and not my server’s.
Currently, Zend Framework 1.9 only supports basic authentication for the Twitter API, which works well, but leaves, or should leave, a bad taste in the end-user’s and developer’s mouth. I say this because a developer who wants access to a user’s account at a later time (e.g. if you are running scheduled API calls) will have to store the user’s credentials on the server. This means A) the user may be iffy about using your service since they may not trust your site and/or want their password stored on your server, and B) this creates more overhead for you because you now have to keep track of user information, keep it secure, etc. The way we get rid of this bad taste is to implement a system such as OAuth.
OAuth is an authentication protocol that allows secure API authorization for applications. What this means is that a user can grant you, the 3rd party developer, access to their information without providing you with their username and password. User login takes place at the source, in this case at Twitter.com. For more information about OAuth, please see the Twitter API Wiki / OAuth FAQ
If you are currently using the Twitter API, it is probably better to change over to using OAuth sooner than later since support for basic authentication will be going away in the future.
In order to get Zend_Service_Twitter working with OAuth, you will need to obtain OAuth via subversion since it is not in the currently released version of Zend Framework. It can be obtained here.
The code you are about the see takes place in my IndexController, meaning I am using Zend’s MVC setup. I have also put configuration information inline so you can see exactly what is passed into each object.
<?php
/**
* Default Index Controller using Zend's MVC implementation.
*
* @author Raymond J. Kolbe <rkolbe@white-box.us>
*/
class IndexController extends Zend_Controller_Action
{
/**
* Login Action
*
* Performs user login through Twitter using OAuth. If user's have not
* granted our application access to their account, they will be sent to
* Twitter to do so. Once done, they will return to this page again so
* that we can handle them (e.g. run our application for them).
*
* @param void
* @return void
*/
public function loginAction()
{
// Check to see if the user already has an OAuth access token
if ($this->_session->access_token) {
// You would redirect the user to the main part of your
// application that they needed to be authenticated for.
}
// Configuration for OAuth. @see Zend_Oauth_Consumer
$config = array(
'signatureMethod' => 'HMAC-SHA1',
'callbackUrl' => 'http://localhost/login',
'requestTokenUrl' => 'http://twitter.com/oauth/request_token',
'authorizeUrl' => 'http://twitter.com/oauth/authorize',
'accessTokenUrl' => 'http://twitter.com/oauth/access_token',
'consumerKey' => 'jDrJud90Jhg66whddj876',
'consumerSecret' => 'UdjneHdyGsj90Bsg2UdjneHdyGsj90Bsg2'
);
$consumer = new Zend_Oauth_Consumer($config);
// If we do not have a request token, generate one now
if (!$this->_session->request_token) {
$request_token = $consumer->getRequestToken();
// Save the token for when the user returns to this page.
// This will be used to get the user's access token.
$this->_session->request_token = serialize($request_token);
// Send the user off to Twitter to grant our application access
$consumer->redirect();
return;
}
// If we made it here, the user has been to Twitter to grant our
// application access and now we must get an access token that
// will allow us to make API calls on behalf of the user.
$access_token = $consumer->getAccessToken($this->_request->getQuery(), unserialize($this->_session->request_token));
// We no longer need the request token so remove it
unset($this->_session->request_token);
// Save to session so that reloading of this page will send the user
// to your application main page or wherever you want them to go.
$this->_session->access_token = serialize($access_token);
// This line is very important. Since Zend_Service_Twitter does
// not have support for OAuth (yet), this is how we get it to work.
// All we are doing is making Zend_Service_Twitter use OAuth's
// HTTP Client instance, which will automatically append the proper
// OAuth query info to any Twitter service call we make from here
// on out.
Zend_Service_Twitter::setHttpClient($access_token->getHttpClient($config));
// Username and password are passed in as null because we will not be
// authenticating using a user/pass combo (which uses basic
// authentication).
$twitter = new Zend_Service_Twitter(null, null);
// This is not required but shows you as an example that OAuth did
// in fact work.
$response = $twitter->account->verifyCredentials();
// Your code goes here. This would be the point you want to save
// the access token to the database for later use and/or save a cookie
// on the user's system.
}
}
Tonight I created a helper for Solar that encodes mailto href addresses so SPAMers that scrape HTML pages will never get your addresses.
To use this helper, just do the following in your views/layouts:
echo $this->email('someuser@somehost.com', 'Ray');
Here is the helper code:
<?php
/**
* Generates an encoded mailto href to stop spammers from scrapping email
* addresses from your web pages. This code is based on the PHP example
* from http://rumkin.com/tools/mailto_encoder/
*
* @category Whitebox
* @package Whitebox_View
* @author Raymond J. Kolbe <rkolbe@gmail.com>
*/
class Whitebox_View_Helper_Email extends Solar_View_Helper {
/**
* The encoded email address.
*
* @var string
*/
protected $_encoded_string = '';
/**
* The encoded index used to decode $_encoded_string/
*
* @var string
*/
protected $_encoded_indexes = '';
/**
* Generates an encoded mailto href to stop spammers from
* scrapping email addresses off your web pages. Returns
* an inline javascript code block that allows web browser
* to read the mailto href.
*
* If javascript is disabled in the web browser, only the
* link text is shown to the user.
*
* @param string $spec The email address (e.g. rkolbe@gmail.com)
* @param string $text Href
* @param array $attribs An array of href attributes
* @return string An inline string of javascript to handle the
* encoded mailto href
*/
public function email($spec, $text = null, $attribs = null) {
// escape the email address
$spec = $this->_view->escape($spec);
// build attribs, after dropping any 'href' attrib
$attribs = (array) $attribs;
unset($attribs['href']);
$attribs = $this->_view->attribs($attribs);
$this->_obfuscate("<a href=\"mailto:$spec\"$attribs>$text</a>");
$script = $this->_getScript();
$script .= '<noscript>'.$text.'</noscript>';
return $script;
}
/**
* Takes a given href and obfuscates it.
*
* @param string $link A full mailto href
* @return void
*/
protected function _obfuscate($link) {
$scrambled_chars = str_shuffle($link);
$this->_encoded_string = $this->_escapeString($scrambled_chars);
$string_indexes = '';
for ($i = 0; $i < strlen($link); $i++) {
$index = strpos($scrambled_chars, substr($link, $i, 1)) + 48;
$string_indexes .= chr($index);
}
$this->_encoded_indexes = $this->_escapeString($string_indexes);
}
/**
* Returns a block of javascript used to decode the mailto href.
* This only allows web browsers to see the mailto address.
*
* @param void
* @return string An inline block of javascript
*/
protected function _getScript() {
return $this->_view->scriptInline('<!--
chars = "'.$this->_encoded_string.'";
indexes = "'.$this->_encoded_indexes.'";
href = "";
for(j = 0; j < indexes.length; j++){
href += chars.charAt(indexes.charCodeAt(j) - 48);
}
document.write(href);
// -->');
}
/**
* Prepares (escapes) a string for javascript.
*
* @param string $string The string to escape
* @return string The escaped string
*/
protected function _escapeString($string) {
$string = str_replace("\\", "\\\\", $string);
$string = str_replace("\"", "\\\"", $string);
return $string;
}
}
Table view helper has been released! Since my last post about writing a helper such as this, a lot has changed. I hope to have API docs up soon. In the meantime you can download the code and check out the examples at its new project page.
This was taken yesterday as I was leaving the New England Forest Rally. I will have all ~130 pics uploaded soon! Gotta love their expressions.
Thought I would give you all a sneak peek at the table helper class I am working on. I’m not a big fan of table helper classes but I kind of found a use for a helper such as this for one of my projects–plus it’s neat.
$table = new Table();
$table->setCssId('my_table');
$table->addCssClasses('default big_text');
$thead = $table->addGroup('thead')->addCssClass('thead_tag_css_class');
$row1 = $thead->addRow()->addCssClass('sample_css_heading');
$row1->addHeadingCell('Name');
$row1->addHeadingCell('Sex');
$row1->addHeadingCell('Position');
$row1->addHeadingCell('Top 2 favorite colors')->colSpan(2);
// rows that are not instantiated from addGroup() are added to tbody
$row2 = $table->addRow();
$row2->addDataCell('Adam Smith');
$row2->addDataCell('Male');
$row2->addDataCell('Economist');
$row2->addDataCell('Black');
$row2->addDataCell('White');
$tfoot = $table->addGroup('tfoot');
// empty data cells make sure we are compliant
// empty cells default to
$row3 = $tfoot->addRow();
$row3->addDataCell('example footer data');
$row3->addDataCell();
$row3->addDataCell();
$row3->addDataCell();
$row3->addDataCell();
// we can also just call print $table;
print $table->display()
Produces…
<table id="my_table" class="default big_text">
<thead class="thead_tag_css_class">
<tr class="sample_css_heading">
<th>
Name
</th>
<th>
Sex
</th>
<th>
Position
</th>
<th colspan="2">
Top 2 favorite colors
</th>
</tr>
</thead>
<tfoot>
<tr>
<td>
example footer data
</td>
<td>
</td>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
</tfoot>
<tbody>
<tr>
<td>
Adam Smith
</td>
<td>
Male
</td>
<td>
Economist
</td>
<td>
Black
</td>
<td>
White
</td>
</tr>
</tbody>
</table>
I still have some refactoring/testing/fixing to do but I hope to release this package soon under the GPLv3. I have also been throwing the idea around of being able to have this class generate CSS tables–e.g. fetchCssTable() and displayCssTable() (something like that) that would return both a CSS stylesheet and the proper div tags for the table itself.
Once I’m happy with this package I will also convert it over to Solar since it lacks this type of helper.
It’s out! Maillog Logger 0.2.0alpha1 was released overnight and is a great improvement over 0.1.0. We now have new CSS styles, MySQL vs. SQLite for security, and an easier install procedure.
Bangor Daily News has an article out right now about how Republican Les Otten, exploring the possibility of running for governor of Maine in 2010, has ripped off Barack Obama’s “O” logo. However, what they fail to point is the fact that Otten’s entire website is a rip-off.
The website not only has the same layout (navigation placement aside), but the font colors, font sizes, placement of content, and content borders are almost 100% the same.
To really get the full impact of how horribly ripped off this site/logo is, let me show you some screen shots–you be the judge.
www.barackobama.com as of July 1st, 2009
www.lesotten.com as of July 1st, 2009
What’s worse is the blatant logo ripoff. I have compiled a progression from Obama’s logo to Otten’s, increasing Otten’s logo by 25% opacity until it was 100% opaque. I also blew up the image so you could see it in more detail. I apologize for the pixelation.
Obama/Otten logo overlay as of July 1st, 2009
After studying the logos on top of each other you notice a few things:
If you saw Otten’s logo independent of his web site/campaign, you might assume this was Obama 2.0, the launch of a new PR push within the Obama administration. It’s no coincidence that Obama’s campaign won a couple of advertising awards from Cannes Lion, those guys knew what they were doing–you see the “O”, you think “Obama.”
According to the Bangor Daily News, Edith Smith, Otten’s spokeswoman, explained that the web site design firm “used standard industry templates and colors found on political Web sites nationwide.”
Here’s a random list of other politicians’ sites that meet Smith’s “industry standards” without reusing Obama’s layout and logo. In fact, I can’t seem to find another site that does.
I started working on a small project last weekend for a [H]ard|Forum member that would allow viewing maillog log info from a web site. I wanted to make an app that would have a small footprint and would be easy to manage (code base wise as well as UI). My first instinct was to use a MVC framework like Solar or Zend but those two have more features than what I needed for this project. Remember, I wanted a small footprint.
I decided to give Savant3 a shot. This at least allows me to separate my controller logic from my view logic. I only had one controller and one template so code overhead wasn’t an issue.
One of the things missing from this system was a way to easily handle URIs/URLs. Since Savant3 is a template engine, I wouldn’t necessarily expect a URI handler. However, I felt that having a plugin that handles URIs was worth the effort, even with a project of this size.
Since the plugin code is still a bit messy (missing inline docs, needs a little bit of refactoring, etc) I can only show you usage examples for now. I plan on cleaning up the code and releasing the plugin on this site shortly.
Here is how one might use this URI plugin in a Savant3 template:
// builds the URI based off of the current URL $uri = $this->uri()->fromCurrentUrl(); // allows setting query info $uri->query = 'order=name_asc'; // this adds to the query, it does not overwrite it $uri->query = 'page=2'; // returns only the query portion: '?order=name&page=2' $uri->get(); // this will update page to 'page=3' $uri->query = 'page=3'; // again we only return the query portion: '?order=name&page=3' $uri->get(); // we can also set a full query as well and we can provide keys without values $uri->query = 'order=name_desc&page=3&submitted' // currently there is not a way to remove a single piece of the query // we have to reset the whole query and rebuild it unset($uri->query); // passing 'true' to get() gives us the whole URI // for example: http://white-box.us/somedir/index.php $uri->get(true);
The rest of the functionality works much like Solar_Uri (currently w/the exception of path and query behavior), being able to set each piece of the URI before returning a newly built URI.
http://code.google.com/p/dropbox-api/
A while back (3 or 4 months) I emailed the guys over at Dropbox asking them about a public API. The response I got was basically that in the near future they will have something. I want it now!! Guess I will have to keep tabs on that Google Group (link above).