Based on this question, I have extracted the token from a Twitter JS file, without using the library:

https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php

I believe that cURL alone solves it; see my code below:

<?php

require_once './system/config.php';

$TwitterUser = null;

if (isset($_SESSION[SITE_TITLE . '_SESSION'])) {
    $TwitterUser = $_SESSION[SITE_TITLE . '_SESSION'];
}

$twitter_url_js = 'https://abs.twimg.com/k/pt/init.pt.8a8c7bc568e38012a94b.js';

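$getToken = curl_init();
curl_setopt_array($getToken, [
        CURLOPT_URL             => $twitter_url_js,
        CURLOPT_CUSTOMREQUEST   => 'GET',
        CURLOPT_RETURNTRANSFER  => true,
        // Verify the server certificate; disabling this allows man-in-the-middle interception.
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_CAINFO          => ROOT . 'system' . SEPARATOR . 'cacert' . SEPARATOR . 'ca-bundle.pem',
        CURLOPT_USERAGENT       => $_SERVER['HTTP_USER_AGENT'] ?? '',
        CURLOPT_HEADER          => true,
    ]
);

$token = curl_exec($getToken);

// [A-z] also matches the punctuation between 'Z' and 'a', so use explicit ranges.
// Stop if the request failed or no candidate string was found.
if ($token === false || !preg_match('/"([A-Za-z0-9%]{114})";/', $token, $matches)) {
    exit('Token not found: ' . curl_error($getToken));
}

$auth_token = $matches[1];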

$friend_post = http_build_query([
        'screen_name' => $TwitterUser
    ]
);

$twitter_friend_url = 'https://api.twitter.com/1.1/friendships/create.json';

curl_setopt_array($getToken, [
        CURLOPT_URL             => $twitter_friend_url,
        CURLOPT_CUSTOMREQUEST   => 'POST',
        CURLOPT_POSTFIELDS      => $friend_post,
        CURLOPT_RETURNTRANSFER  => true,
        // Keep peer verification on so the CA bundle below is actually enforced.
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_CAINFO          => ROOT . 'system' . SEPARATOR . 'cacert' . SEPARATOR . 'ca-bundle.pem',
        CURLOPT_USERAGENT       => $_SERVER['HTTP_USER_AGENT'] ?? '',
        CURLOPT_HEADER          => true,
    ]
);

$friend = curl_exec($getToken);

var_dump($friend);

I received this as an answer:

'HTTP/1.1 400 Bad Request
content-length: 62
content-type: application/json; charset=utf-8
date: Sun, 16 Jul 2017 23:56:55 GMT
server: tsa_d
set-cookie: guest_id=v1%3A150024941521507075; Domain=.twitter.com; Path=/; Expires=Tue, 16-Jul-2019 23:56:55 UTC
strict-transport-security: max-age=631138519
x-connection-hash: 2d6dd7875837513960a72f9bfc09724b
x-response-time: 131
x-tsa-request-body-time: 0

{"errors":[{"code":215,"message":"Bad Authentication data."}]}' (length=472)

How do I use this token now? NOTE: I am not using the API.

WillBB

1 Answer

This is against Twitter's developer policy and your application and IP risk being banned from the platform. Furthermore, Twitter's rules explicitly prohibit the kind of application you are building - see https://support.twitter.com/articles/20171936

Only applications using the official Twitter API are supported.

Andy Piper