Invalid signature uploading photo to flickr

Question

I am using the following code:

<?php
 $token = $_REQUEST['token'];
 $file = $_REQUEST['file'];
 $sig = "xxxxxxxxxxxxxxxxxapi_keyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxauth_token" . $token;
 $sign = md5($sig);
 $url = "http://api.flickr.com/services/upload/";
 $ch = curl_init();
 /**
 * Set the URL of the page or file to download.
 */

 $body = "api_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&api_sig=" . $sign .         "&auth_token=" . $token . "&photo=" . $file;

 curl_setopt($ch, CURLOPT_URL, $url);

 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

 /**
 * Ask cURL to return the contents in a variable
 * instead of simply echoing them to the browser.
 */
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 /**
 * Execute the cURL session
 */
 $contents = curl_exec ($ch);
 /**
 * Close cURL session
 */
 curl_close ($ch);

 echo $contents;
?>

to create my signature for the flickr upload post call. However, it keeps telling me its invalid....what am I doing wrong?

maybe you could have a quick look at my code?

Answer 1

public function sync_upload($photo, $title = null, $description = null, $tags = null, $is_public = null, $is_friend = null, $is_family = null)
    {
        $args = array("api_key" => $this->api_key, "title" => $title, "description" => $description, "tags" => $tags, "is_public" => $is_public, "is_friend" => $is_friend, "is_family" => $is_family);

        if (!empty($this->token)) {
            $args = array_merge($args, array("auth_token" => $this->token));
        }
        ksort($args);
        $auth_sig = "";
        foreach ($args as $key => $data) {
            if ( is_null($data) ) {
                unset($args[$key]);
            } else {
                $auth_sig .= $key . $data;
            }
        }
        if (!empty($this->secret)) {
            $api_sig = md5($this->secret . $auth_sig);
            $args["api_sig"] = $api_sig;
        }
        $photo = realpath($photo);
        $args['photo'] = new CurlFile($photo, 'image/png');
        $curl = curl_init($this->upload_endpoint);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,false);
        curl_setopt($curl,CURLOPT_SSLVERSION,4);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $args);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($curl);
        curl_close($curl);

        $rsp = explode("\n", $response);
        foreach ($rsp as $line) {
            if (preg_match('|<err code="([0-9]+)" msg="(.*)"|', $line, $match)) {
               return false;
            } elseif (preg_match("|<photoid>(.*)</photoid>|", $line, $match)) {
                return $match[1];
            }
        }

    }

Hope this help.

Answer 2

I just had the same problem, tried all combinations of orders and parameters but in the end it turned out that I was missing enctype="multipart/form-data" inside html FORM tag which needs to be like this:

<FORM action="http://api.flickr.com/services/upload/" enctype="multipart/form-data" method="post">
        <P>     
        <LABEL for="api_key">api_key: </LABEL>
                  <INPUT type="text" id="Text1" name="api_key"><BR>
        <LABEL for="auth_token">auth_token: </LABEL>
                  <INPUT type="text" id="Text2" name="auth_token"><BR>
        <LABEL for="api_sig">api_sig: </LABEL>
                  <INPUT type="text" id="Text3" name="api_sig"><BR>
        <LABEL for="photo">photo: </LABEL>
                  <INPUT type="file" id="Password1" name="photo"><BR>
        <INPUT type="submit" value="Send"> <INPUT type="reset">
        </P>
     </FORM>

Answer 3

You need to include all of the post parameters, except the photo parameter, in the string (in alphabetical order) that you take the hash of.

See http://www.flickr.com/services/api/auth.spec.html#signing