Summary of Sina Weibo Application Development (informal apps without authorization)

I have been interested in developing Weibo applications for a long time, but I have never had idea, so I keep putting it on hold. A few days ago, wooyun said that the Weibo reminder interface could view the number of unread information of any user. Therefore, it took two days for developers to develop a related application. Of course, this cannot be a normal application. After all, I don't know whether this vulnerability is fixed by sina. Besides, this application is useless ......

 

First of all, if you want to use the microblogging interface, you must create an application, the address: http://open.weibo.com/development to create a station application can be. Since it is in the station application, I also want to have a site of their own, so I use Sina SAE to build their own server, the address: http://sae.sina.com.cn /? M = appwizard. Before creating a site, you must first install an application or framework. Then, you can upload files or SVN to manage the site, manage databases, and edit files online. After installing a development framework in the App Store, you will have a website that already contains the DEMO and Some Weibo and database operations. Directly export de_once ('saetv2. ex. class. php'); you can use this class to call Weibo APIs. For API documentation, visit http://open.weibo.com/wiki/api?e6=96%87%e6%a1%a3_v2. You can also install web applications such as WP in SAE, but I don't think it is used to develop Weibo applications, and the installation consumes a lot of memory and disk space, therefore, the framework can be installed to build your own site. For details about how to create an SAE site and Weibo application, refer to the relevant link at the end of the article)

In the basic information of the application, set the actual address of the application to the address of the site you just set up, and add the test user to the advanced information. Finally, modify the value of $ _ SESSION ['os2'] ['oss _ token'] in the DEMO output. This value is also called access_token, indicating that the test user authorizes your application, with this value, you can use OAuth2.0 to call the Weibo API. Therefore, with access_token, you can set the test environment locally without wasting SAE resources. However, note that the default expiration time of access_token in OAuth2.0 is one day. That is to say, if you directly use this value in the program, you can use the application without authorization, but the validity period is one day.

Note: The preceding direct use method is not used by normal applications. After normal application development is completed, it should be submitted and reviewed. After the application is approved, other Weibo users can authorize and use the application, different users are authorized to obtain different access_token. Using this value, you can use the API to view the corresponding user information or perform various operations. In the program, you only need to use $ _ SESSION ['oss _ token'] ['oss _ token'] As the construction parameter of the Weibo class. In short, the reason why my app is free of authorization is that it obtains the access_token through the authorization of the added test user and assigns a value manually before it can be used for trial.

And microblogging unread information reminder interface description in the http://open.weibo.com/wiki/2/remind/unread_count, because the input uid as a parameter, and the query user input is microblogging nickname, so need to convert, so use this interface http://open.weibo.com/wiki/2/users/show.

 

The rest is interface design, database design, and code writing. I only used a script and it has nothing to do with the DEMO file except the configuration file. Let's take a look at the notes.

Set access_token in the include configuration file and Weibo, and use htmlspecialchars to process input data.

 
 

  
  
include_once( 'config.php' ); 
  
  
include_once( 'saetv2.ex.class.php' ); 
  
  
 
  
  
$access_token = "2.00SaOjjC2PrzYBc99be8c025xsHYpB"; 
  
  
$name = htmlspecialchars( trim($_POST['username']) ); 
 
 

Because this is an authorization-free application, you need to manually set $ access_token and input it as a parameter. SaeTClientV2 is included in saetv2.ex. class. php. Through this class, you can call the Weibo API. Show_user_by_name () can get user information through Weibo nickname.

 
 

  
  
$c = new SaeTClientV2( WB_AKEY , WB_SKEY , $access_token  ,'' );  
  
  
$users = $c->show_user_by_name( strval($name) ); 
 
 

Form creation is also very simple, just an input box and button. Because the form is set to POST to itself, a hidden must be added to determine whether to submit the form. For example, if ($ _ POST ['action'] = 'unread') is used '). In particular, when a null value is entered, it can be distinguished whether the form is just opened or submitted, but the input is empty. In addition, the input null value is different from the input blank character.

 
 

  
  
<Div style = "padding: 10px; background: # e9e9e9; text-align: center;">
  
  
<Form action = "" method = "POST">
  
  
Nickname: <input type = "text" id = "username" name = "username" class = "input" maxlength = "32" value = "<? = $ Name?> "/>
  
  
& Nbsp; <input type = "submit" value = "query" class = "bt"/>
  
  
<Input type = "hidden" name = "action" value = "unread"/>
  
  
</Form> </div>
 
 

If the user ID is obtained through the users/show interface, call the remind/unread_count interface to obtain and display the user ID. Otherwise, the error cause will be determined through the returned error_code, and the following four errors will be known for the time being.

 
 

  
  
If (isset ($ users ['id']) {
  
  
// The query result is output, and the code is omitted.
  
  
}
  
  
Elseif (isset ($ users ['error _ Code']) {
  
  
If ($ users ['error _ Code'] = 10006) // source paramter (appkey) is missing
  
  
P ("This application has expired. If you want to continue using it, please contact the author. Thank you! ");
  
  
Elseif ($ users ['error _ Code'] = 10008)
  
  
P ("Enter your nickname! ");
  
  
Elseif ($ users ['error _ Code'] = 20003)
  
  
P ("user". $ name. "does not exist! ");
  
  
Elseif ($ users ['error _ Code'] = 21327) // expired_token
  
  
P ("access_token has expired. If you want to continue using it, please contact the author. Thank you! ");
  
  
Else
  
  
P ("error:". $ users ['error _ Code']);
  
  
$ Result = json_encode ($ users );
  
  
}
  
  
Else {
  
  
P ("an unknown error occurs. Please query again! ");
  
  
$ Result = json_encode ($ users );
  
  
}
 
 

To improve the user experience, set the input focus in the input box using JS to facilitate user input and multiple queries.

 
 

  
  
<script type="text/javascript"> 
  
  
document.getElementById('username').focus(); 
  
  
</script> 
 
 

Database Operations use the classes encapsulated by SAE for operations, and data tables have been designed by SAE. The primary key id is auto-incrementing. If the query is successful, the name is the microblog nickname or the name entered by the user. If the query is successful, the uid returns the microblog user id. Otherwise, the value is 0. This data should not be changed to the nickname, it can also identify whether the query operation is successful), ip determines the number of users, time is required, and I use a time stamp to record the readability is not strong, the result is the json result returned by the interface, whether it is successful or not, it will be recorded.

 
 

  
  
$mysql = new SaeMysql(); 
  
  
$mysql->runSql("INSERT INTO {$dbtable} (id, name, uid, ip, time, result) VALUES ('', '$name', '$uid', '$ip', '$timestamp', '$result')"); 
  
  
$mysql->closeDb(); 
 
 

 

Finally, the demonstration of the application, the interface is relatively simple, and there are not many messages obtained through the two interfaces.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131228/134K44306-0.jpg "/>

 

Code summary:

The operation of the form should be determined through the hidden input;

Handling any user input and timely feedback;

Every time you use a function, pay attention to failures;

For the interface center problem, the main div uses margin: 0 auto; Center, which means to center the container itself. The form and title use text-align: center; to center the elements in the container. Of course, you can use margin: 0 auto; to center a block. However, if the width of the block is smaller than that of the parent container, the element in the block is not centered.

If the SaeTClientV2 class has no functions related to the new interface, such as the unread_count unread reminder Interface), you can directly use the get () function of the SaeTOAuthV2 class to unify the variables, therefore, the following code is actually written by me, rather than using the SaeTClientV2 class as mentioned above.

 
 

  
  
$ O = new SaeTOAuthV2 (WB_AKEY, WB_SKEY, $ access_token, NULL );
  
  
 
  
  
// Use $ _ POST ['action'] to determine whether to submit a form, instead of determining whether $ _ POST ['username'] is null.
  
  
If ($ _ POST ['action'] = 'unread '){
  
  
$ Showparams = array ();
  
  
$ Showparams ['screen _ name'] = strval ($ name );
  
  
$ Users = $ o-> get ('users/show', $ showparams );
  
  

  
  
If (isset ($ users ['id']) {
  
  
$ Unreadparams = array ();
  
  
$ Unreadparams ['uid'] = $ users ['id'];
  
  
$ Remind = $ o-> get ('remind/unread_count ', $ unreadparams );
  
  
If ($ remind ){
  
  
// Output query results
 
 

 

The last step was to publish the application on Weibo at, February 9. After 24 hours, some information was collected.

353 times of use, including test data:

 
 

  
  
SELECT count(*) FROM `temp_unread` WHERE time < 1328879760 
 
 

33 users:

 
 

  
  
SELECT count(*) FROM ( SELECT DISTINCT ip FROM `temp_unread` WHERE time < 1328879760 ) AS t 
 
 

A total of 87 names are searched, including incorrect input:

 
 

  
  
SELECT count(*) FROM ( SELECT DISTINCT name FROM `temp_unread` WHERE time < 1328879760 ) AS t 
 
 

Errors are not included. there are 74 errors in total:

 
 

  
  
SELECT count(*) FROM ( SELECT DISTINCT uid FROM `temp_unread` WHERE time < 1328879760 AND uid != 0 ) AS t 

 
 

Through the database record, it is found that when two different users use this application at the same time, null may be returned. I do not know whether this is a problem of Sina or whether my program is not complete enough or how to deal with this situation.

Other statistics:

354.01 kb http inbound

HTTP outbound traffic: 1.27 MB

MySQL disk consumes 7.35 KB

SAE consumes 0.29 yundou resources.

 

Related documents:

Site Application Development Guide

SAE Getting Started Guide

Oau2's description

SaeTOAuthV2 class description

SaeTClientV2 class description

SaeMysql class description

This article is from the "LuckyHJH technology blog" blog, please be sure to keep this source http://luckyhjh.blog.51cto.com/2977099/776791