Saturday, 24 March 2012

Flickr and OAuth

What is Flickr?
I think you landed on this page because you know what Flickr is, so let’s come to the point and discuss about the API.

Why am explaining?
Although each and everything, about API, is well documented on Flickr website here, I'm just trying to explain the whole process by dividing it into small parts.

Old Authentication API
The current Flickr authorization scheme is not the first one it used. In the early days of Flickr, users granted the power to an app to act on their behalf by giving  the apps their Flickr username and password. Doing so meant that in order to revoke  an app’s permission, users would have to change their Flickr password. Of course, doing that would also instantly revoke permissions of other third-­party apps with knowledge of the user’s password. The new authorization scheme is meant to correct obvious problems with the old scheme. Why should you as a user have to use your Flickr password for anything other than your dealings with Flickr? Why should revoking permissions to one app mean revoking permissions to other apps?

Old Authentication API will be deprecated
After July 31st, 2012 Flickr will no longer support the old Authentication API. Check here.

New Flickr API is based on OAuth, an open standard for authorization. In this case users are not required to submit their credentials to third party. They can allow or revoke limited permissions given to a particular app at any given time without changing their access credentials. Site like Facebook and Twitter are already using this spectrum. Flickr support OAuth 1.0a only.

Web based Application API Authentication Although Flickr provides API support for web based applications, desktop application and mobile applications. Here we will discuss only about the first one. The whole process is divided into number of steps :

1)     Get your api key

Go to the url : and create your application. I opted for Non-commercial one. Following screen will appear :

Enter your app name and description. Click on submit button. Next screen would show you the API Key and secret.


2)     Configure your key
In figure 2 there is a ‘Edit auth flow for this app’ link. Click on it. You will get the following screen.

Add description, confirm app type, enter callback url and upload app logo. Save Changes.
3)    Make signing request and get request token : 

You must sign all requests to the Flickr API. Currently, Flickr only supports HMAC-SHA1 signature encryption. For this you have to create a base string, one of the most crucial part of API implementation.

The base string is constructed by concatenating the HTTP verb, the request URL, and all request parameters sorted by name, using lexicograhpical byte value ordering, separated by an '&'.

To make an ‘Request Token’ request we have to sent number of parameters to Flickr and if  the request is successful, Flickr would return oauth_token, oauth_token_secret and oauth_callback_confirmed.

Use the following code to make token request.


$mt                    = microtime();
$rand                  = mt_rand();
$oauth_nonce           = md5($mt . $rand);
$request_token_url     = "";
$nonce                 = $oauth_nonce;
$timestamp             = gmdate('U'); //It must be UTC time
$cc_key                = "3a540b0a1863d48b8d9e484726aa8864";
$cc_secret             = "ad5ee477b09a5bb7";
$sig_method            = "HMAC-SHA1";
$oversion              = "1.0";
$callbackURL           = "";

$basestring = “oauth_callback=".urlencode($callbackURL)."&oauth_consumer_key=".$cc_key."&oauth_nonce=".$nonce."&oauth_signature_method=".$sig_method."&oauth_timestamp=".$timestamp."&oauth_version=".$oversion;

$baseurl         = "GET&".urlencode($request_token_url)."&".urlencode($basestring);

$hashkey         = $cc_secret."&";
$oauth_signature = base64_encode(hash_hmac('sha1', $ baseurl, $hashkey, true));

$fields = array(

$fields_string = "";

//You have to encode each and every field again
foreach($fields as $key=>$value)               
$fields_string .= "$key=".urlencode($value)."&";

$fields_string = rtrim($fields_string,'&');
$url = $request_token_url."?".$fields_string;

$ch         = curl_init(); 
     $timeout    = 5; // set to zero for no timeout 
     curl_setopt ($ch, CURLOPT_URL, $url); 
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); 
$file_contents = curl_exec($ch); 

$rsp_arr = explode('&',$file_contents); 
print "<pre>";
print_r($rsp_arr); die;

This will return you the following output :

    [0] => oauth_callback_confirmed=true
    [1] => oauth_token=72157629276100562-4e2af5338eb15b36
    [2] => oauth_token_secret=5f943a1134aca412

Make a note that oauth_token is a crucial part of API and would be used 
to get Access token of users.

Note : $hashkey is a combination of secret key and oauth_token_secret 
concatenated with &. As at this step we are not having any  
oath_token_secret available so second part is empty.
$hashkey         = $cc_secret."&";

4)    Getting the User Authorization :

After getting request token now the app is ready to represent in front of it’s users. It’s done through Flickr Authorization page.

An application should never request more permissions than it needs to operate. The permissions field is a string, representing the permission level. Each level implies the level below it. Possible permissions are:
  • read - permission to read private information
  • write - permission to add, edit and delete photo metadata (includes 'read')
  • delete - permission to delete photos (includes 'write' and 'read')
For example, the permission w allows an application to read and write on behalf of the user.
We are making request for read operation so I have used perms=read
Request Flow :

Use the above retrieved request token to make the request:
Following screen will appear:

User will provide access credentials and would move to the next screen.

Click on ‘OK, I’LL Authorize IT’ and it will redirect the user to callback url we had mentioned in step 2, with two parameters oauth_token and oauth_verifier as follow :
5)  Exchanging the Request Token for an Access Token :  
After the user authorizes your application, you can exchange the approved Request Token  for an Access Token. This Access Token should be stored by your application, and used to make authorized requests to Flickr.

This is only step where we are going to use request token and request token secret to get access token and access token secret. Afterwards we will use only  Access Token and Access Token Secret to get user information.

Flow :


You will use the parameters oauth_token and oauth_token_secret got in step 3 
and oauth_verifier got in step 4.  
You can use the following code snippet to make access token request.
$request_token_url = ‘’;

$basestring = "oauth_consumer_key=".$cc_key."&oauth_nonce=".$nonce."&oauth_signature_method=".$sig_method."&oauth_timestamp=".$timestamp."&oauth_token=".$oauth_token."&oauth_verifier=".$oauth_verifier."&oauth_version=".$oversion;

$basestring = "GET&".urlencode($request_token_url)."&".urlencode($basestring);
$hashkey = $cc_secret."&".$oauth_token_secret;

$oauth_signature = base64_encode(hash_hmac('sha1', $basestring, $hashkey, true));

$fields = array(
           'oauth_token' => $oauth_token,

 $fields_string = "";
 foreach($fields as $key=>$value)    
           $fields_string .= "$key=".urlencode($value)."&";
 $fields_string = rtrim($fields_string,'&');
 $url = $request_token_url."?".$fields_string;

If I will show the output in array, in my case, it will return following :

    [0] => fullname=Shiv%20Modi
    [1] => oauth_token=72157629284623082-8dacad4ddbdc3fa2
    [2] => oauth_token_secret=4395d8b77ac3ee29
    [3] => user_nsid=63219840%40N08
    [4] => username=Modi%27s%20Screen
Here oauth_token is acess_token and oauth_token_secret is acces_token_secret. 
Store them in database for future reference and to access private data of users.
6)  Calling the Flickr API with OAuth (using access token) :

All authorization process is complete or you can say crucial part of authentication is over, a big relief!!!. Now we will use access_token, api_key and other credentials and parameters to get contact list, photo list, upload photos etc. Flickr requires HMAC-SHA1 encryption because all requests are being made insecurely using HTTP.

This is the last step of the whole process.

Here we are going to make a request to get contact list of the user.

Function : flickr.contacts.getList

I am using json format to get output in json itself.

Use following code to make request.

     $oauth_token_secret = "4395d8b77ac3ee29";
     $oauth_token        = "72157629284623082-8dacad4ddbdc3fa2";
     $basestring = "format=json&method=flickr.contacts.getList&nojsoncallback=1&oauth_consumer_key=".$cc_key."&oauth_nonce=".$nonce."&oauth_signature_method=".$sig_method."&oauth_timestamp=".$timestamp."&oauth_token=".$oauth_token."&oauth_version=".$oversion;
     $basestring = "GET&".urlencode($request_token_url)."&".urlencode($basestring);
     $hashkey    = $cc_secret."&".$oauth_token_secret;
     $oauth_signature = base64_encode(hash_hmac('sha1', $basestring, $hashkey, true));
     $fields = array(
           'oauth_token' => $oauth_token,
     $fields_string = "";
     foreach($fields as $key=>$value) {
           $fields_string .= "$key=".urlencode($value)."&";
     $fields_string = rtrim($fields_string,'&');
     $url           = $request_token_url."?".$fields_string;

If you will print the output, it would appear just like this :

{"contacts":{"page":1, "pages":1, "per_page":1000, "perpage":1000, "total":2, "contact":[{"nsid":"@user_id", "username":"@username", "iconserver":"0", "iconfarm":0, "ignored":0, "realname":"", "friend":"0", "family":"0", "path_alias":null, "location":""}, {"nsid":"@user_id", "username":"@username", "iconserver":"0", "iconfarm":0, "ignored":0, "realname":"Friend", "friend":"0", "family":"0", "path_alias":null, "location":""}]}, "stat":"ok"}

Congrats!!! The process gets complete.

If you wanna go in more detail, check here :

written by Sam Judson, an OAuth expert.

Errors : 

1) oauth_problem=timestamp_refused (check that your time is the Unix epoch time, in seconds, and that it’s UTC, not your local time)

2) oauth_problem=nonce_used (each request to Flickr should have a unique random string identifier), or oauth_problem=signature_invalid&debug_sbs=GET&

3) signature invalid is one of the most common error you may face or i would say you will definitely face, while implementing OAuth API. If you get the signature invalid error, it means that your request is generally correct but the signature is wrong. This is a tough problem since any tiny error in the base string algorithm will completely spoil the signature. To help resolving this issue, Flickr provides its own version of the base string, which you can compare to yours. I usually compare them in a Notepad by pasting the two strings one below another.

OAuth signature looks like a random string so it’s hard to debug. Therefore before searching for other problems in your code, make sure that your signature generation algorithm works correctly.

Note : 1) Alternatively, one can obtain the response in the JSON format, using two additional parameters: format=json and nojsoncallback = 1.

2) Use proper hashkey.

At any time, if you find any problem with OAuth process, feel free to comment here. I would try to solve your problem as soon as possible.

Thanks!!!!!!!!!!! Enjoy Programming :)

Saturday, 17 March 2012

Different File Transfer Protocols

TFTP : Trivial File Transfer Protocol

(TFTP) is a simple protocol to transfer files. It has been implemented on top of the User Datagram Protocol (UDP) using port number 69. TFTP is designed to be small and easy to implement, therefore, lacks most of the features of a regular FTP. TFTP only reads and writes files (or mail) from/to a remote server. It cannot list directories, and currently has no provisions for user authentication.

In TFTP the connection is opened and the file is sent in fixed length blocks of 512 bytes. Each data packet contains one block of data, and must be acknowledged by an acknowledgment packet before the next packet can be sent. A data packet of less than 512 bytes signals termination of a transfer.

It is often used by servers to boot diskless workstations, X-terminals, and routers. Due to its simple design, TFTP could be implemented using a very small amount of memory. It is therefore useful for booting computers such as routers which may not have any data storage devices. It is an element of the Preboot Execution Environment (PXE) network boot protocol, where it is implemented in the firmware ROM / NVRAM of the host's network card.

Due to the lack of security, it is dangerous to use it over the Internet. Thus, TFTP is generally only used on private, local networks.

FTP : File Transfer Protocol

FTP is a popular and fast way of moving files between a client and a server. FTP operates on the application layer of the OSI model, and is used to transfer files using TCP/IP. To do so, an FTP server has to be running and waiting for incoming requests. The client computer is then able to communicate with the server on port 21.

The problem with FTP is that it’s not secured by encryption, leaving files at risk of being compromised during transport. It does not take any precautions to protect information transmitted during a session. This includes your username, password, and any files transmitted.

FTPS : FTP-SSL/ File Transfer Protocol over SSL

File Transfer Protocol over SSL. FTPS is an encrypted flavor of the FTP protocol (kind of like how HTTPS is an encrypted flavor of HTTP).

FTPS is a real ftp that uses TSL/SSL to encrypt the control session and if required the data session. With FTPS the control session is always encrypted, but the data session might not be. Why is this? Because with the control session encrypted the authentication is protected and you always want this (normal ftp uses clear text). If you are NOT pre-encrypting the file, you want the data session encrypted so that the file is encrypted while the data is in flight. However, if you are pre-encrypting the file then you do not need to have the data connection encrypted as you do not need to add the overhead of encrypting the data connection, since the file is already encrypted.

Understand that SFTP is SSH file transfer and FTPS is FTP with SSL, FTPS is a file transport layer on top of SSL or TLS. The FTPS adds SSL-enabled FTP send and receive capabilities, uses the FTP protocol to transfer files to and from SSL-enabled FTP servers.

SFTP : Secure File Transfer Protocol/ SSH File Transfer Protocol/ Secret File Transfer Protocol

"sftp is an interactive file transfer program, similar to ftp, which performs all operations over an encrypted ssh transport".

SSH File Transfer Protocol. SFTP uses the Secure Shell (ie: SSH) protocol to encrypt all file transfer communications. SFTP is a bit more firewall friendly because it uses only 1 port and it’s also a bit more secure than FTPS. SFTP is gaining steam as the most preferred method of secure file transfer, particularly in infrastructures that favor unix but SFTP is quickly gaining steam in Windows environments as well.

It is a secure replacement for FTP (File Transfer Protocol) based on the Secure Shell protocol. Unlike FTP, SFTP encrypts both commands and data providing effective protection against common network security risks. SSH Client and Server provide both command-line SFTP tools and a graphical user interface for Windows users. SFTP encrypts the session, preventing the casual detection of your username, password or anything you've transmitted.

The major reason for implementing SFTP versus FTP is security. FTP is not even remotely secure. In FTP all data is passed back and forth between the client and server without the use of encryption. This makes it possible for an eavesdropper to listen in and retrieve your confidential information including login details. With SFTP all the data is encrypted before it is sent across the network.
SFTP is sometimes confused with Simple File Transfer Protocol but both are totally different.

SCP : Secure Copy

SCP is a non-interactive command-line tool for securely transmitting files from a machine to another. It is a secure replacement for RCP and provides a similar command-line syntax. SCP is strongly based on SFTP but is often a more suitable choice when setting up unattended file transfers using scripts.

The SCP protocol is a network protocol, based on the BSD RCP protocol, which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and utilizes the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. Like RCP, there is no RFC that defines the specifics of the protocol.

Simple FTP : Simple File Transfer Protocol

As mentioned above Simple FTP is sometimes confused with Secure File Transfer Protocol, but both are totally different.

Simple File Transfer Protocol, was proposed as an (unsecured) file transfer protocol with a level of complexity intermediate between TFTP and FTP. It has some useful features not present in Trivial FTP (TFTP), but is not as powerful as FTP. SFTP supports user access control, file transfers, directory listing, directory changing, file renaming and deleting. It was never widely accepted on the internet, and is now assigned Historic status by the IETF.

Simple FTP uses only one TCP connection; whereas TFTP implements a connection over UDP, and FTP uses two TCP connections (one using the TELNET protocol). It runs through port 115. It has a command set of 11 commands and support three types of data transmission: ASCII, BINARY and CONTINUOUS.

Thanks!!!!!!!!!!! Enjoy Programming :)

Saturday, 10 March 2012

Java NetBeans : submit button not working when press Enter?

Today, I noticed that my form is not getting submitted while using keyboard Enter button to submit it. Then I searched over that and found different solutions and sharing them with you :

1) If your form is only having one button and that’s only submit button then use the     following line in your code:


I have used this line in constructor.

It would work and your submit button will be automatically get focused.

2) If you have more than one button, as in my case there are three buttons, above solution will not work. Because, on any given Window a single button can be designated as the “Default Button”. The default button is noticeable by the darker border around the button. The default button can be activated by using the Enter key, even when it doesn’t have focus. When your focus is on another button and you press enter even then only submit button is working not the one you have pressed. So in this case we have the following solution :

In order to make a button the default button you need to know when a button gains focus. You could add a FocusListener to every button, but this would be extremely tedius. Fortunately there is an easier way. We can add a PropertyChangeListener to the KeyboardFocusManager  and listen for focus change events. Using this approach all focus changes are handled in one place so all we need to do is manage focus changes that involve buttons. The DefaultButtonListener class will manage all this for you. You can use this class in your application with the following lines of code:

DefaultButtonListener listener = DefaultButtonListener.install();

InputMap im = (InputMap)UIManager.get("Button.focusInputMap");
im.put( KeyStroke.getKeyStroke( "ENTER" ), "pressed" );
im.put( KeyStroke.getKeyStroke( "released ENTER" ), "released" );

You can use the DefaultButtonListener class for single button as well :

InputMap im = button.getInputMap();
im.put( KeyStroke.getKeyStroke( "ENTER" ), "pressed" );
im.put( KeyStroke.getKeyStroke( "released ENTER" ), "released" );

That’s it. It worked for me. If you are facing any other similar problem and it’s not working for you please let me know.

Thanks!!!!!!!  Enjoy Programming :)

Sunday, 4 March 2012

phpExcelReader uses and problems?

If you will search over internet about excel reader in PHP at the end you would be redirected to the following this link only. It’s well written code but there are also some problems in that. Some documentation is missing. In this post we are going to discuss how to use phpExcelReader and which type of problems you could face.

Download : 

1) You can download the original library from here.

2) Mine one(with bug fixes) is available here. Go there, Click on File menu then download it.

How to use :

1)  In the package itself example2.php is a very good example of using excel reader.

2)  Beginners can have a look at following example

            error_reporting(E_ALL ^ E_NOTICE);
            require_once 'phpExcelReader/Excel/reader.php';
            $data = new Spreadsheet_Excel_Reader();
            //If there are n sheets in a excel file then it would run for n times
                                                $xls[$sheet][$row][$col] = htmlentities($data->sheets[$sheet]['cells'][$row][$col]);
            print "<pre>";
            include "html/beginners.html";

It would return an array. You can use this to save contents in the database or do whatever you want with that.

Problems : 

When you will use the original library, following problem could come.

1)  Warning: require_once(Spreadsheet/Excel/Reader/OLERead.php) [function.require-once]: failed to open stream: No such file or directory in C:\......\phpExcelReader\Excel\reader.php on line 32

Fix :  

Find a line in phpExcelReader\Excel\reader.php with following code:

require_once 'Spreadsheet/Excel/Reader/OLERead.php';

replace it with following line :

require_once 'Excel/';

2) Assigning the return value of new by reference is deprecated in  C:\.....\phpExcelReader\Excel\reader.php on line 264 

Fix : 

Find a line in phpExcelReader\Excel\reader.php with following code : 

      $this->_ole = & new OLERead();  
      Replace it with:

      $this->_ole = new OLERead();


$le = new OLERead();
$this-<_ole = & $le;

3)  The filename abc.xls is not readable.

Fix : 

      It means your file is not in a proper format. For proper format check the
      file : Correct.xls

 4)  Date issue : If you are getting wrong dates like 

a)      You have entered the date with format like dd-mm-yyyy ex. 17-03-2008 and it’s returning you with 18/03/2008 (with one day ahead)

b)      You have entered date with format mm-dd-yyyy ex. 03-17-2008 and it’s returning just like 00/1818/08080808

Fix : 

Find function createDate($numValue){.....} in reader.php file and replace it with following code :

function createDate($numValue)
        if ($numValue > 1) {
            $utcValue = round(($utcDays) * SPREADSHEET_EXCEL_READER_MSINADAY);
                  $this->curformat = strtolower($this->curformat);
                  //echo $this->curformat; echo "<br>";
                  if ($this->curformat == 'mm/dd/yyyy' || $this->curformat == 'i/dd/yyyy') {
                        $this->curformat = 'Y-m-d';
            $string = date ($this->curformat, $utcValue);
            $raw = $utcValue;
        } else {
            $raw = $numValue;
            $hours = floor($numValue * 24);
            $mins = floor($numValue * 24 * 60) - $hours * 60;
            $secs = floor($numValue * SPREADSHEET_EXCEL_READER_MSINADAY) - $hours * 60 * 60 - $mins * 60;
            $string = date ($this->curformat, mktime($hours, $mins, $secs));

        return array($string, $raw);

If you are facing more issues or the package is not working for you, please contact me here or put your comments against the post.

Thanks!!!!!!!!!!!! Enjoy Programming :)

Saturday, 3 March 2012

isset() vs array_key_exists()

isset() : 

Determine if a variable is set and is not NULL

If a variable has been unset with unset(), it will no longer be set. isset() will return FALSE if testing a variable that has been set to NULL. Also note that a NULL byte ("\0") is not equivalent to the PHP NULL constant.

If multiple parameters are supplied then isset() will return TRUE only if all of the parameters are set. Evaluation goes from left to right and stops as soon as an unset variable is encountered. 

array_key_exists() :

Checks if the given key or index exists in the array. array_key_exists() returns TRUE if the given key is set in the array. key can be any value possible for an array index.


$a =array (‘language’ => ‘PHP’, ‘author’ => null);

isset($a['language']);                      // true
array_key_exists('language', $a);  // true
isset($a['author']);                        // false
array_key_exists('author', $a);    // true

So in case of array_key_exists() null is also a value.

Performance :

isset() is significantly faster than array_key_exists(). Check the following example.

$a = array('language' => 'PHP', 'author' => null);
$start_time = microtime(true);
             for ($i = 0; $i < 1000000; $i++) {
                         if (array_key_exists('blog', $a) && $foo['blog'] === 'dirtyhandsphp') {
                                    echo "Not here";
            $end_time = microtime(true);
            echo "Time Taken by array_key_exists() : ".($end_time-$start_time)."\n";
            $start_time = microtime(true);
            for ($i = 0; $i < 1000000; $i++) {
                        if (isset($foo['blog']) && $foo['blog'] === 'dirtyhandsphp') {
                                                echo "Not here";
            $end_time = microtime(true);
            echo "<br>";
            echo "Time Taken by isset() : ".($end_time-$start_time);

It gives me the following output:
Time Taken by array_key_exists() : 0.54193115234375
Time Taken by isset() : 0.13503885269165

Check yours.

It is said that isset() is 2.5 times faster than array_ket_exists() but out output shows that it’s around 4 times faster.

isset() is faster because it is a language construct; it does not suffer the overhead of a function call like array_key_exists() does. However, the two are not completely interchangeable. isset() also checks the value associated with the key, and will return false if that value is null. On the other hand, array_key_exists() only checks the key, and will return true for keys that point to a null value. Sometimes this distinction is important. So when you don’t need to distinguish the null value, please use isset().

Thanks!!!! Enjoy Programming :)

Odoo 10: Close wizard and open standard form

Hi, Today we are going to learn how to open standard form after saving data in wizard. Let's say I have created an wizard to fill bas...