February 26, 2012

Wall Street vs Silicon Valley

Wall Street seems to be changing:
“If you’re a smart Ph.D. from MIT, you’d never go to Wall Street now,” says a hedge-fund executive. “You’d go to Silicon Valley. There’s at least a prospect for a huge gain. You’d have the potential to be the next Mark Zuckerberg. It looks like he has a lot more fun.”

Source: New York Magazine 

February 21, 2012

Sign in with Twitter tutorial with example in php

This is a tutorial on how to create a login with Twitter in PHP. Using Twitter is better than having your own login system because it is easier for your users to log in: they don't need to register on your web service. It is also better from a security point of view: Twitter can probably afford several expensive experts and can make the login safer than your own login. You don't want to leave any scary security gaps for hackers. The documentation at Twitter.com is not that good on how to do this, so this sign in with Twitter tutorial is supposed to make it easier to understand by providing a clean example.

What you need is 5 PHP files (you can probably have fewer, but it is easier to understand if we have 5 files):
  • index.php - this is the main file - or your web service
  • login_to_twitter.php - sends information to Twitter
  • twittersecret.php - secret parameters from dev.twitter.com
  • login_from_twitter.php - receives information from Twitter
  • logout.php - if the user wants to log out

index.php

The main point of this file is to display a login-with-Twitter button if the user has not signed in with Twitter, or to display the @name of the user and a logout button if the user has signed in with Twitter.


<?php
session_start(); //Needed before $_SESSION can be read

//The user has logged in
if (isset($_SESSION['twitter_id'])) {
    //Escape the @name before it is written into the HTML
    $screen_name = htmlspecialchars($_SESSION['screen_name'], ENT_QUOTES, 'UTF-8');
    echo '<p>@'.$screen_name.' |  <a href="http://www.yoursite.com/_include/login/logout.php" title="Click here to logout">Logout</a></p>';
}
//The user has not logged in
else {
    echo '<a href="http://www.yoursite.com/_include/login/login_to_twitter.php"><img src="http://www.yoursite.com/_img/twitterbutton.png" title="Click here to sign in with Twitter!" /></a>';
}

login_to_twitter.php

The main point of this file is to send data to Twitter so the user can sign in to Twitter and then be redirected back to your page. To make this work you need to:
  • Download the three files: EpiCurl.php, EpiOAuth.php, and EpiTwitter.php from: github.com/jmathai/twitter-async/
  • Register your application at: dev.twitter.com/
    • The callback URL is in this case: www.yoursite.com/_include/login/login_from_twitter.php
    • You also need to create a file with the $consumer_key and $consumer_secret with data from dev.twitter.com



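<?php
//Assumes the three library files and twittersecret.php are in the same directory as this file
require_once 'EpiCurl.php';
require_once 'EpiOAuth.php';
require_once 'EpiTwitter.php';
require_once 'twittersecret.php';
$twitterObj = new EpiTwitter($consumer_key, $consumer_secret);
$authenticateUrl = $twitterObj->getAuthenticateUrl();
/* Redirect to the Twitter login page */
header('Location: '.$authenticateUrl);
exit; //Stop the script once the redirect has been sent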


twittersecret.php

These values are personal and are obtained when you have created the application at dev.twitter.com

<?php
$consumer_key = 'xxx';
$consumer_secret = 'yyy';

login_from_twitter.php

This is the page you come to after you have signed in with Twitter at twitter.com. The point of this page is to obtain the twitter_id and the @name. If you want to save data about the user in a database, you should use the twitter_id. If you use the @name, the user may change it and mess up your database. One can't change the twitter_id.



<?php
session_start(); //Needed before $_SESSION can be written
//Assumes the three library files and twittersecret.php are in the same directory as this file
require_once 'EpiCurl.php';
require_once 'EpiOAuth.php';
require_once 'EpiTwitter.php';
require_once 'twittersecret.php';

/* Once the user authenticates with Twitter they are redirected back to the callback URL along with a "request token" called "oauth_token". This is the same "request token" as in login_to_twitter.php */
if (isset($_GET['oauth_token'])) {
    $twitterObj = new EpiTwitter($consumer_key, $consumer_secret);
    /* Use the setToken method to set the "access token" and "access token secret key" by using the "request token". We need these to later access the user's information such as user name */
    $twitterObj->setToken($_GET['oauth_token']); //The request token must be set before it can be exchanged
    $token = $twitterObj->getAccessToken();
    $twitterObj->setToken($token->oauth_token, $token->oauth_token_secret);
    /* Get user data from the twitter account
     * $screen_name is the @name
     * $twitter_id is the id of the user - one can change the @name but not the id
     * You can also get other types of information from the user here
     */
    $userdata = $twitterObj->get_accountVerify_credentials();
    $twitter_id = $userdata->id;
    $screen_name = $userdata->screen_name;

    //Set the session variables
    session_regenerate_id(true); //Give the logged-in session a new id so a session id from before the login cannot be reused
    $_SESSION['twitter_id'] = $twitter_id;
    $_SESSION['screen_name'] = $screen_name; //This is the @name

    //Here you can add code if you want to save the $twitter_id in the database
}
/* The user clicked on "Cancel, and return to app" when asked to login at the twitter.com page or the user managed to find this file on his own without first being connected to the twitter.com page */
else {
    //Send back the user to the main page
    header('Location: http://www.yoursite.com/');
    exit;
}

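logout.php

<?php
session_start();
session_destroy(); //End the session, otherwise the user stays logged in
header('Location: http://www.yoursite.com/');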
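
Signing in through Twitter still leaves session handling to your own pages. The following is an added example, not code from the original tutorial or from twitter-async: it accepts the callback only when it carries the request token this browser was sent out with, and makes logout remove the session cookie as well. The function names and the oauth_request_token session key are assumptions; it assumes PHP 7 or later and that the including page has already called session_start().

```php
<?php
// Added example; function names and the session key are hypothetical,
// not part of twitter-async.

// login_to_twitter.php: call with the URL from getAuthenticateUrl() before redirecting.
function remember_request_token(string $authenticateUrl): void
{
    // The authenticate URL carries the request token as ?oauth_token=...
    parse_str((string) parse_url($authenticateUrl, PHP_URL_QUERY), $query);
    $token = $query['oauth_token'] ?? '';
    $_SESSION['oauth_request_token'] = is_string($token) ? $token : '';
}

// login_from_twitter.php: true only if the callback returns that same token.
function callback_token_matches(array $get): bool
{
    $expected = $_SESSION['oauth_request_token'] ?? '';
    unset($_SESSION['oauth_request_token']); // a request token is accepted once
    $returned = $get['oauth_token'] ?? '';
    return $expected !== '' && is_string($returned) && hash_equals($expected, $returned);
}

// logout.php: remove the server-side data and the cookie in the browser.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Constructed demonstration with a made-up token; runs from the command line.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $url = 'https://api.twitter.com/oauth/authenticate?oauth_token=CONSTRUCTED_TOKEN';
    remember_request_token($url);
    var_dump(callback_token_matches(['oauth_token' => 'CONSTRUCTED_TOKEN'])); // token from this session
    var_dump(callback_token_matches(['oauth_token' => 'CONSTRUCTED_TOKEN'])); // same token replayed
    remember_request_token($url);
    var_dump(callback_token_matches(['oauth_token' => 'OTHER_TOKEN']));       // token from elsewhere
}
```

In login_from_twitter.php, call callback_token_matches($_GET) before getAccessToken() and send the user back to the main page when it returns false.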

Final note
One problem with this is that you have to upload everything to your server if you want to test if everything is working. Using something like XAMPP will not work!

If you would like to read more about how to sign in with Twitter and social login, you can use the following resources: