How to change twitter status with php and curl without oAuth

Twitter api authentication Since the 31 of august 2010, twitter made its API more secure, stopping basic authentication calls. So,…

Settembre 9, 2010

Twitter api authentication
Since the 31 of august 2010, twitter made its API more secure, stopping basic authentication calls.
So, if you used basic authentication you have to change your code and implement oAuth authentication model (you can read about oAuth on Wikipedia).

The oAuth authentication model
Using oAuth means that you have to register an application on twitter developer site, understand the new model and implement it (here they suggest how to pass to oAuth). In the oAuth model the process of authenticating a user need to take the user on twitter’s site, here he is recognized and he has to grant permission to your application by clicking on an “Allow” button. After this grant step the user is redirected to the application web site with a “token” and a “secret”, and the application that calls the API for posting or reading need to authenticate each call by adding some parameters created with “token” and “secret”. Before this, we needed a few lines of curl to change the status now we need a lot of code, and we really need a user that click on the “allow” button, at least the first time (than we can store “token” and “secret” for each user on database and re-use for each call).
Well, this process is also much more complex, so it’s not possible to think: “I do it by myself!”

Do It Yourself oAuth
I’m really stubborn and I’ve spent quite a day trying to make my own mini-function to post to twitter. But I did only a small part of the process and this part doesn’t fully work and also it wasn’t enough “mini” to include it in my mini php spider class.
So, if you want to use oAuth, I suggest you to use an existing class, especially if you don’t have a week of free time to spend.

Spider, the rough way
twitter php set status with curl
Thus, I did it the rough way: I wrote a bot that calls twitter home, finds the right form to login, fills it with my credentials, and post it. This post returns another page, that’s my homepage, so my bot finds the form to tweet, fills it and sends it. One hour of work, no oAuth. And here is the Php function:

function twitterSetStatus($user,$pwd,$status) {
	if (!function_exists("curl_init")) die("twitterSetStatus needs CURL module, please install CURL on your php.");
	$ch = curl_init();

	// -------------------------------------------------------
	// get login form and parse it
	curl_setopt($ch, CURLOPT_URL, "https://mobile.twitter.com/session/new");
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($ch, CURLOPT_FAILONERROR, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 5);
	curl_setopt($ch, CURLOPT_COOKIEJAR, "my_cookies.txt");
	curl_setopt($ch, CURLOPT_COOKIEFILE, "my_cookies.txt");
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3 ");
	$page = curl_exec($ch);
	$page = stristr($page, "<div class='signup-body'>");
	preg_match("/form action=\"(.*?)\"/", $page, $action);
	preg_match("/input name=\"authenticity_token\" type=\"hidden\" value=\"(.*?)\"/", $page, $authenticity_token);

	// -------------------------------------------------------
	// make login and get home page
	$strpost = "authenticity_token=".urlencode($authenticity_token[1])."&username=".urlencode($user)."&password=".urlencode($pwd);
	curl_setopt($ch, CURLOPT_URL, $action[1]);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $strpost);
	$page = curl_exec($ch);
	// check if login was ok
	preg_match("/\<div class=\"warning\"\>(.*?)\<\/div\>/", $page, $warning);
	if (isset($warning[1])) return $warning[1];
	$page = stristr($page,"<div class='tweetbox'>");
	preg_match("/form action=\"(.*?)\"/", $page, $action);
	preg_match("/input name=\"authenticity_token\" type=\"hidden\" value=\"(.*?)\"/", $page, $authenticity_token);

	// -------------------------------------------------------
	// send status update
	$strpost = "authenticity_token=".urlencode($authenticity_token[1]);
	$tweet['display_coordinates']='';
	$tweet['in_reply_to_status_id']='';
	$tweet['lat']='';
	$tweet['long']='';
	$tweet['place_id']='';
	$tweet['text']=$status;
	$ar = array("authenticity_token" => $authenticity_token[1], "tweet"=>$tweet);
	$data = http_build_query($ar);
	curl_setopt($ch, CURLOPT_URL, $action[1]);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
	$page = curl_exec($ch);

	return true;
}

Bad things
A you can see from the code there are some things that are not good: we need to make 3 calls because we need to login using a hidden authentication token at the login. This means that this function is slow.
Twitter do not like these methods.
If twitter changes its code, it could happen that this function doesn’t work anymore.

Mini bot class
This class will be included in the Mini bot class, you can try a demo here.

Author

PHP expert. Wordpress plugin and theme developer. Father, Maker, Arduino and ESP8266 enthusiast.

Comments on “How to change twitter status with php and curl without oAuth”

15 thoughts

  1. Phil Sturgeon ha detto:

    Not a bad hack, but a better solution would be to use http://simpleauthtwitter.heroku.com/

  2. Giulio Pons ha detto:

    Nice system Phil. With your it will appear ‘sent via Simple Auth Tweeter’ with my hack it will be ‘sent via mobile web’. Can I add also your system to my Mini Bot Class?

  3. Jorge Garifuna ha detto:

    Great job. This works great for me.

  4. Greg Steimann ha detto:

    For the record, you’re a genius!

  5. dait ha detto:

    tell me how to use the code

  6. Feru ha detto:

    Is the demo working?

  7. julian ha detto:

    This doesn’t work anymore. Twitter changed their layout.

  8. Giulio Pons ha detto:

    7/June/2011
    It still works! Twitter method without oAuth still works.

  9. Ed ha detto:

    Man this code save my skin! Thank you

  10. Hugo ha detto:

    Hello!! Is there any way to change twitter status using the main twitter domain, not the mobile one?? So that way it appears posted as “via web”!!

  11. Giulio Pons ha detto:

    Yes, there is. But it’s a bit difficult to handle the html tags because it’s a bit more complex and it changes more often.

  12. Phan Dinh Khai ha detto:

    Not work for me. i tested it now at 31/5/2012

  13. Nite ha detto:

    hi giulio is there any method to send updates from flash to twitter

    thanks :)

Comments are closed

Recommended

PHP bot to get wikipedia definitions

Wikipedia, the collaborative and multilingual encyclopedia project, has a lot of usefull terms defined in its database, you can find…

Agosto 29, 2010

PHP to post on a Facebook page

Hi, I’ve modified the Mini Bot Class, I’ve fixed the Facebook status update and I’ve implemented the function to post…

Luglio 28, 2010

How many times a web link has been shared on Twitter

Twitter share button and Facebook share button are the most used buttons to share links on Internet. You can read…

Ottobre 19, 2012

Get URL parameter in javascript

Sometimes in javascript you have the variable that you need to use in the url, as a parameter passed in…

Novembre 25, 2010

PHP curl bot to update Facebook status

I’ve found this great mini bot from Alste blog, and I’ve decided to add it to the mini bot class.…

Marzo 1, 2010

New version of Mini Bots PHP Class (v.1.4)

I’ve added three more bots to the Mini Bots Php Class, now the version number is 1.4 and it has…

Gennaio 20, 2010