Step 1: Grant write access to Tweetie2Flickr on Flickr

What is this?

Tweetie 2 does not have an option to upload to Flickr currently. Using the custom image service I've implemented an incredibly rough solution in PHP that no one should be proud of. Tweetie 2 sends your twitter credentials in plain text to whatever image provider you choose. If you use any custom image provider they could get access to your twitter account after you post an image once. That said, I wrote this service for myself and you are welcome to use it. I've found 2 other options for posting to flickr: ebonical's solution in ruby and the wur.me service.

How does this service differ from the others? This service does not save any of your data. Instead of saving your twitter password and flickr authentication token in a database both of these are included in the custom URL. The twitter password is encrypted using a 1-way hash. When Tweetie 2 posts the image to this service it compares the hash of the password from Tweetie with the one in the generated custom URL. If they match, the photo will be sent to your flickr account. In theory, my implementation doesn't really help the safety of your twitter account much because Tweetie sends your twitter username and password every time you post a photo.

How does this work?

To set this up you need to do three things. Grant write permissions to Tweetie2Flickr, enter your twitter password so it can be encrypted, copy/paste the generated custom URL into Tweetie 2.

I use multiple twitter accounts with different passwords, can I use your service?

Nope. I only have one twitter account.

Can I run my own?

Sure. You can grab the source here. All you have to do is set your own Flickr API and secret keys and the URL for where you are hosting the index.php file. You can view the index.php file below.


<?php 
if (strpos(__FILE__, ':') !== false) {
    $path_delimiter = ';';
} else {
    $path_delimiter = ':';
}
ini_set('include_path', ini_get('include_path') . $path_delimiter . dirname(__FILE__) . '/PEAR');
require_once 'HTTP/Request.php';

// set these values
$flickr_apikey="";
$flickr_api_secret="";
$base_url="http://www.someurl.com/";

// if you want to change the default title, description or tags set for photos uploaded
// you can also add to your custom URL the title, description and tags parameters
$default_title_for_photo="Photo from Twitter";
$default_description_for_photo="";
$default_tags_for_photo="twitter";

// privacy settings for flickr, you likely want to leave these all to 1
$is_public=1;
$is_friend=1;
$is_family=1;

// this happens when tweetie posts the image
// h is the hash of the users twitter password
// t is the flickr token
// password is the plain text password from tweetie
// tmp_name is the location of the photo that was uploaded
if (isset($_GET['h']) && isset($_GET['t']) && isset($_POST['password']) && isset($_FILES['media']['tmp_name']))
{
    $auth_token=$_GET['t'];
    $password = $_POST['password'];
    $media = $_POST['media'];
    $photo_file = $_FILES['media']['tmp_name'];
    
    if (isset($_GET['title'])) 
    {
        $default_title_for_photo = $_GET['title'];
    }
    if (isset($_GET['description'])) 
    {
        $default_title_for_photo = $_GET['description'];
    }
    if (isset($_GET['tags'])) 
    {
        $default_title_for_photo = $_GET['tags'];
    }
     
    // only proceed if the hash in the URL matches the password hash from tweetie
    if ($_GET['h'] == md5($password))
    {
        $upload_req =& new HTTP_Request();
        $upload_req->setMethod(HTTP_REQUEST_METHOD_POST);
        $upload_req->setURL("http://api.flickr.com/services/upload/");
        $upload_req->clearPostData();

        // generate the flickr signature
        $args = array("api_key" => $flickr_apikey, "title" => $default_title_for_photo, "description" => $default_description_for_photo, "tags" => $default_tags_for_photo, "is_public" => $is_public, "is_friend" => $is_friend, "is_family" => $is_family);
        $args = array_merge($args, array("auth_token" => $auth_token));
        ksort($args);
        $auth_sig = "";
        foreach ($args as $key => $data) 
        {
            if ($data !== null) 
            {
                $auth_sig .= $key . $data;
                $upload_req->addPostData($key, $data);
            }
        }
        $api_sig = md5($flickr_api_secret . $auth_sig);
        $upload_req->addPostData("api_sig", $api_sig);
        $result = $upload_req->addFile("photo", $photo_file);

        if (PEAR::isError($result)) {
            die($result->getMessage());
        }

        // fire off the request
        if ($upload_req->sendRequest()) 
        {
            $response = $upload_req->getResponseBody();
        } 
        else 
        {
            die("There has been a problem sending your command to the server.");
        }

        $rsp = explode("\n", $response);
        foreach ($rsp as $line) 
        {
            if (ereg("<photoid>(.*)</photoid>", $line, $match)) 
            {
                // encode the flickr photo id in base58
                $num=$match[1];
                $alphabet="123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ";
                $base_count = strlen($alphabet);
                $encoded = '';
                while ($num >= $base_count) 
                {
                    $div = $num/$base_count;
                    $mod = ($num-($base_count*intval($div)));
                    $encoded = $alphabet[$mod] . $encoded;
                    $num = intval($div); 
                }
                if ($num) $encoded = $alphabet[$num] . $encoded;
                
                echo "<mediaurl>http://flic.kr/p/" . $encoded . "</mediaurl>";
            }
        }                                
    }
}
// twitter password and token available to display the URL for tweetie
else if (isset($_POST['twitter_password']) && isset($_POST['token']))
{
    ?>
    Your Tweetie2Flickr custom URL:
    <div><? echo "http://".$base_url."?h=".md5($_POST['twitter_password'])."&t=".$_POST['token']; ?></div>
    <div>You likely should copy this URL and paste it into Tweetie 2 instead of attempting to type it out.</div>    
    <?
}
// this happens when flickr calls back to this page after the user has granted permissions to t2f
else if (isset($_GET['frob'])) 
{
    // create the flickr signature
    $auth = $flickr_api_secret.'api_key'.$flickr_apikey.'formatphp_serialfrob'.$_GET['frob'].'methodflickr.auth.getToken';
    $auth_token = md5($auth);
    $params = array(
        'method' => 'flickr.auth.getToken',
        'api_key' => $flickr_apikey,
        'frob' => $_GET['frob'],
        'api_sig' => $auth_token,
        'format' => 'php_serial',
    );

    foreach($params as $k => $v)
    {
        $c_params[$k] = urlencode($k).'='.urlencode($v);
    };

    $url = 'http://api.flickr.com/services/rest/?'.implode('&', $c_params);
    $rsp = file_get_contents($url);
    $rsp_obj = unserialize($rsp);
    $token = $rsp_obj['auth']['token']['_content'];
?>
<form action="/" method="post" enctype="multipart/form-data">
Step 2: Encode your twitter password: <input type="text" name="twitter_password" value="">
<input type="hidden" name="token" value="<? echo $token; ?>">
<input type="submit" value="Submit">
</form>
<?    
}
else
{
    $auth = $flickr_api_secret.'api_key'.$flickr_apikey.'permswrite';
    $auth_token = md5($auth);  
?>

<div>Step 1: <a href="http://flickr.com/services/auth/?api_key=<? echo $flickr_apikey; ?>&perms=write&api_sig=<? echo $auth_token; ?>">Grant write access to Tweetie2Flickr on Flickr</a></div>
<hr/>
<h3>What is this?</h3>
<div>Tweetie 2 does not have an option to upload to Flickr currently.  Using the <a href="http://developer.atebits.com/tweetie-iphone/custom-image/">custom image service</a> I've implemented an incredibly rough solution in PHP that no one should be proud of.  Tweetie 2 sends your twitter credentials in plain text to whatever image provider you choose.  <b>If you use any custom image provider they could get access to your twitter account after you post an image once.</b>  That said, I wrote this service for myself and you are welcome to use it.  I've found 2 other options for posting to flickr: <a href="http://github.com/ebonical/tweetie_flickr">ebonical's solution in ruby</a> and the <a href="http://wur.me/">wur.me service</a>.</div>
<br />
<div>How does this service differ from the others?  This service does not save any of your data.  Instead of saving your twitter password and flickr authentication token in a database both of these are included in the custom URL.  The twitter password is encrypted using a 1-way hash.  When Tweetie 2 posts the image to this service it compares the hash of the password from Tweetie with the one in the generated custom URL.  If they match, the photo will be sent to your flickr account.  In theory, my implementation doesn't really help the safety of your twitter account much because Tweetie sends your twitter username and password every time you post a photo.</div>
<h3>How does this work?</h3>
<div>
To set this up you need to do three things.  Grant write permissions to Tweetie2Flickr, enter your twitter password so it can be encrypted, copy/paste the generated custom URL into Tweetie 2.
</div>
<h3>I use multiple twitter accounts with different passwords, can I use your service?</h3>
<div>
Nope.  I only have one twitter account.
</div>
<h3>Can I run my own?</h3>
<div>Sure.  You can grab the source <a href="source.zip">here</a>.  All you have to do is set your own Flickr API and secret keys and the URL for where you are hosting the index.php file.  You can view the index.php file below.
</div>
<hr/><br/><br/>
<?
highlight_file('source.php'); 
} 
?>