Use CITwitter lib without storing user's info
#1

[eluser]Berserk[/eluser]
Hi there,
I'm using CITwitter for my site; my members can update their activities to Twitter through my site. But I don't want to store their information (username, password). Can anyone give me an idea?
If I store their info, what problems must I care about?
Thanks
#2

[eluser]xwero[/eluser]
Can you give a link to the library, as I can't find it anywhere?

If you don't want to store their username and password you have to provide a login form and remember they are logged in once they did. But I don't know if you have to change the library to do this.
#3

[eluser]Berserk[/eluser]
It's the CITwitter lib by Simon Maddox

http://www.simonmaddox.com/?p=30
#4

[eluser]Phil Sturgeon[/eluser]
You may not have a great deal of choice about that. You obviously need to store it somewhere somehow, but no matter what it needs to end up being sent to twitter in plain text (at least using cURL/XML).

This is the line where it is used:

Code:
curl_setopt($ch, CURLOPT_USERPWD, $this->username . ':' . $this->password);

I don't think there is any way round it, but you could certainly find a way around storing your passwords in plain text by using base64 encode combined with the CI salt or a salt of your own. Remember if you make the salt random you would need to store that in the DB too and you are back to square one.
#5

[eluser]garymardell[/eluser]
Actually you don't have to store it. Twitter have released OAuth support. This works to have the login side done at the Twitter site and the user is redirected back with a token. http://apiwiki.twitter.com/OAuth-FAQ There is also a PHP library, I believe.
#6

[eluser]xwero[/eluser]
I find it a bit strange the Twitter API uses HTTP instead of HTTPS; I wonder why hackers haven't taken advantage of that yet? You don't even need to have a developer key. I guess everything is public on Twitter.

If you want to use the library without changes you need to put the username and password once people are logged in because you have to add them to the library.
Code:
if(isset($_SESSION['twitter_user']))
{
    $this->load->library('twitter');
    // and everything else you want to do with it
}
else
{
   // login form
}
You could encrypt the username and password but it gets sent in plaintext so they can be intercepted with each API call.

If you want to use the OAuth method you have to change the library. But instead of the username and password you have to store the token in a session.
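
Added example, not code from the thread or from the CITwitter library: it shows what the `CURLOPT_USERPWD` line quoted in post #4 puts on the wire, assuming cURL's default HTTP Basic scheme, and why the posts above say the credentials can be read on every call made over plain HTTP. The function names, URLs and the username and password are constructed for illustration.

```php
<?php
// Constructed sample values throughout; nothing here talks to a real service.

// Build the header cURL sends for CURLOPT_USERPWD under HTTP Basic auth.
function basic_auth_header(string $username, string $password): string
{
    return 'Authorization: Basic ' . base64_encode($username . ':' . $password);
}

// Recover the credentials from a captured header. No key is involved:
// base64 is an encoding, not encryption.
function decode_basic_auth_header(string $header): ?array
{
    if (!preg_match('/^Authorization:\s*Basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only, since a password may contain ':'.
    [$user, $pass] = explode(':', $decoded, 2);
    return ['username' => $user, 'password' => $pass];
}

// True when a request to $url would carry that header over an unencrypted channel.
function exposes_credentials(string $url): bool
{
    return strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https';
}

$header = basic_auth_header('example_user', 'correct:horse');
echo $header, PHP_EOL;
print_r(decode_basic_auth_header($header));

// Hypothetical endpoints: the same header is readable in transit on the first only.
foreach (['http://api.example.test/update', 'https://api.example.test/update'] as $url) {
    echo $url, ' -> ', exposes_credentials($url) ? 'readable in transit' : 'protected by TLS', PHP_EOL;
}
```

With the OAuth flow mentioned in posts #5 and #6, the value held in the session is a token rather than the user's password, so the header above never has to be built from stored credentials.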
