On Oct 4, 2008, at 4:40 AM, Sybren A. Stüvel wrote:
> Why enable the automatic slashing if you're going to strip them? And:
> are you 100% sure that the automatic slashing is on anyway? If it is,
> shouldn't you be stripping $parameter as well?

Brilliant question. It's because I can't turn it off in this
situation (because of the way the PHP setting for this works) and
actually don't want to except for isolated cases such as this. I'm
not striping the $parameter value because it is always a lowercase
value with no quotes and so there aren't ever any slashes to remove.
Just out of curiosity tried it on the parameter as well and it makes
no difference.

>> $parameter_string = substr($parameter_string, 0, -1);
>
> What does that do? Usually a -1 in such a function means "strip the
> last char", but from the foreach-loop above it looks like you should
> be stripping the first character instead.
>
> Of course, I may be wrong in everything I wrote - PHP is definitely
> NOT one of my favourite languages.


Hehe. That was left in from something else I had been working on.
Sometimes it takes someone else looking at your own code to realize
something silly you have done. I even distinctly remember seeing that
at one point and saying, "I need to remember to take that out!" So I
removed that now and ran again. OK, so the auth_token is getting
approved now. Instead I now get this error:

96: Invalid signature

At least something changed... I'm not seeing anywhere where the
signature could be invalid.

The signature is the built just like with the other calls (minus the
photo value as mentioned in the API docs):

<SECRET>api_key<API_KEY>auth_token<AUTH_TOKEN>

That is then md5 encoded

Then the full string looks like this:

&api_key
=
<
API_KEY
>&auth_token=<AUTH_TOKEN>&api_sig=<API_SIG>&photo=<PHOTO_BINARY_DATA>

Here is the current code now:

<?php

if ( ! class_exists('EE_XMLparser'))
{
require PATH_CORE.'core.xmlparser'.EXT;
}

$XML = new EE_XMLparser;

$this->response = '';

$photo = file_get_contents($parameters['photo']);
unset($parameters['photo']);

$parameters['api_key'] = $this->api_key;

$auth_sig = '';

ksort($parameters);

foreach ($parameters as $parameter => $value)
{
$parameter_string .= '&'.
$parameter.'='.urlencode(stripslashes($value));
$auth_sig .= $parameter.stripslashes($value);
}

if (array_key_exists('auth_token', $parameters))
{
$parameter_string .= '&api_sig='.md5($this->secret.$auth_sig);
}

$parameter_string .= '&photo='.$photo;

// Get the curl session object
$session = curl_init($this->upload_url);

// Set the POST options.
curl_setopt($session, CURLOPT_POST, TRUE);
curl_setopt($session, CURLOPT_POSTFIELDS, $parameter_string);
curl_setopt($session, CURLOPT_HEADER, TRUE);
curl_setopt($session, CURLOPT_RETURNTRANSFER, TRUE);
//curl_setopt($session, CURLOPT_TIMEOUT, 180);

// Do the POST and then close the session
$this->response = curl_exec($session);
curl_close($session);

if (!($this->response = strstr($this->response, '<?xml'))) {
$this->response = null;
}

$this->response = $XML->parse_xml($this->response);

?>

Jamie

ContentNext
503-475-1036