How to Get a List of Contributors from a Github Project Contributors

We launched a few hours ago and the overall feedback is great. People seem to love how we automatically pull in contributors using the GitHub API, so I decided to share the code snippet that does that (using WordPress):

function underscoresme_get_contributors() {
    $transient_key = 'underscoresme_contributors';
    $contributors = get_transient( $transient_key );
    if ( false !== $contributors )
        return $contributors;

    $response = wp_remote_get( '' );
    if ( is_wp_error( $response ) )
        return array();

    $contributors = json_decode( wp_remote_retrieve_body( $response ) );
    if ( ! is_array( $contributors ) )
        return array();

    set_transient( $transient_key, $contributors, 3600 );
    return (array) $contributors;

This function returns an array of contributors to the underscores project (or wherever that URL points to) on GitHub. We cache the results in a transient for better performance too! On the front-end of your site, use the function to grab the array of contributors and print_r to find out what data is available. Here’s an example that prints out the contributors logins:

foreach ( underscoresme_get_contributors() as $contributor ) {
    echo $contributor->login;

Visit the GitHub API docs to learn more.

Using the Google Analytics API in WordPress

There’s a great article over at on Using the Google Analytics Data Feed API in WordPress which covers some pretty interesting techniques to grab and make use of data stored in your Google Analytics profile, like what are your top 10 posts this month, or what were the most searched ones, etc. I’ve authored that article so feel free to ask questions ;)

WordPress and Magic Quotes

This is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook Graph API to post stuff to my wall on Facebook (upcoming blog post). The original Facebook PHP SDK comes in very handy when working with the Facebook API, and I had quite some fun using it, but..

I’ve been trying to figure this out for hours! I had code working outside WordPress and once I pumped it into a plugin it suddenly stopped authorizing me. I had to dig through the facebook.php code to figure out what’s happening, and here it is. The getSession() method uses the get_magic_quotes_gpc function and strips the slashes from the $_COOKIE superglobal if it’s switched on. Of course, that’s the correct logic supporting both php 5 and php 6, but not WordPress.

I looked through the latest (3.0.1) WordPress core code and was quite surprised to see a function called wp_magic_quotes(). Oh my god, thought I! Commented as: Add magic quotes and set up $_REQUEST ( $_GET + $_POST ).

What the hell is that? Okay, let’s see:

$_GET = add_magic_quotes($_GET);
$_POST = add_magic_quotes($_POST);
$_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);

How does that sound? So all my apps, plugins, external libraries working with server variables (like Facebook does with cookies) are not allowed to use the magic quotes function? This means that working with WordPress, we must initially assume that all these are quoted, no matter what the php settings are. I don’t even know what question to ask here, perhaps: Is this the way things are done? Why?

To be honest this is getting me a little frustrated. Not by the fact that they’re slashing the whole input (although I don’t see a reason to) but, heh, I’ve been coding based on WordPress for over two years now, and never came across anything like this. Did I miss something in the Getting Started guide? ;) Anyways, the easiest way to get this working is to replace your get_matic_quotes_gpc function with 1, which says it is always switched on.

Eh, Monday morning disappointment ;) Cheers, and thanks for sharing the post!

Highcharts: Pure Javascript Charts API

I was working on a project lately that involved charts and graphs which had to be interactive, lightweight and somewhat complicated. I looked through quite a lot of different chart APIs, and for some time thought that I’d have to go with Open Flash Chart which is good and simple, but it was Flash. There’s nothing wrong with Flash, but Flash is what makes it more complicated to modify and extend. The standard OFC functionality seemed to work fine for me, but soon I came across Highcharts.

Highcharts: Pure Javascript Charts API

Highcharts is purely written in javascript and uses some advanced SVG to render the content. It’s quite impressive and very well documented. Chart control is all done via javascript, and all the options available make it very flexible and extensible. Since everything’s done in javascript it fits well with PHP without having to write tonnes of code or use some third-party library. The json_encode function comes in very handy when passing options from PHP to Highcharts.

Highcharts is free for personal use, commercial licenses start from $80, which is quite okay. Check out the Highcharts Demo page for some terrific usage examples. Happy charting and thanks for sharing!

How To: Retrieve a User ID via SOAP in SugarCRM

Following the Lead Generation Forms with WordPress and SugarCRM post, I came across the need to assign the generated lead to some person in the CRM. It would be easy if you could do it by simply using usernames in the system, but unfortunately usernames may change, but user IDs do not.

User IDs in SugarCRM are stored in a 36-byte alphanumeric string with symbols, which is easy to capture from the database, but not very usable that way. I worked a little more on the snippet I gave before and came up with a new function called getUserId, where a search is performed based on the username.

I’m not sure if this is very secure, but will surely work if you need to simply capture the ID of a certain user and perhaps hard-code it in your script or settings file. Make sure you read the previous post about SugarCRM to capture the whole Sugar class together with the authentication and lead creation functions. The following function is simply an addition to the class:

function getUserId($username)
	$result = $this->soap->call('get_entry_list', array(
		'session' => $this->session,
		'module_name' => 'Users',
		'query' => "user_name = 'pavel'",
		'max_results' => 1

	return $result;

Once you’re done with that, use your sugar object to authenticate and request for a user id:

$sugar = new SugarCRM('username', 'password');

$result = $sugar->getUserId('john');

So $result will contain an array where you’ll find the alphanumeric ID of the person with the username “john”.

I believe there was some other method for doing that in SugarCRM version prior to 5.5.2 CE, but the new SOAP Web Services are mostly based on a few general methods – get_entry, get_entry_list, set_entry, etc, which are applicable to basically any module including Users.

Now, in order to assign the new lead to your retrieved user (using the createLead function), just add an extra parameter to the array:

$result = $sugar->createLead(array(
	'lead_source' => 'Web Site',
	'lead_source_description' => 'Contact form on my website',
	'lead_status' => 'New',
	'first_name' => $_POST['firstname'],
	'last_name' => $_POST['lastname'],
	'phone_work' => $_POST['phonenumber'],
	'description' => $_POST['description'],
	'email1' => $_POST['email'],
	'assigned_user_id' => $user_id // Your ID goes here

Now your newly created leads will be assigned to your user, which is quite convenient when you have e-mail notifications turned on during assignment. Hope that helped somebody! Cheers, and thanks for sharing!

The Twitter API v2 Transition

It’s a mess around the current working copy of the Twitter API, there are more issues than functionality and the whole naming and renaming is a total disaster. Today for instance I tried a simple search query to the API and kept receiving “400 Bad Request” errors without any further explenation. As soon as I changed the address from to (I got this from Abraham Williams’ php code), which is not clearly mentioned anywhere in the Twitter docs, everything started working fine.

But then I realised that the from_user_id field that’s being returned is far from the correct user ID. People in the Twitter Development Talk Google group stated this problem a few times (since March 2009 I believe). It seems that the “wrong” user IDs are meant for the second version of the Twitter API, thus cannot be used before it’s released. But wait! What the hack should I do with my app now? It’s not working y’know! Here you go:

$response = $oauth->get('search', array('q' => $search_query));
foreach($response->results as $result)
$id = $result->id;
$text = $result->text;
$user_name = $result->from_user;

$user = $oauth->get("users/show", array("screen_name" => $user_name));
$user_id = $user->id; // Get the old-style user ID

Yeah, that’s one extra API call, but it solves things temporarily ;)

I guess there’s nothing that we could really do right now, and it’s probably true that we’ll have to rewrite some parts of our code as soon as Twitter API v2 is released, but then again, what about the apps which stopped development? Will they stop working? Tonnes of Twitter clients and web apps still use basic authentication. Twitter mentioned that everybody must use OAuth these days, and that basic auth will be closed sooner or later.

Oh well, software comes, software goes. The best thing to do right now would be sign up to Twitter API Announce Google group and follow @twitterapi. By the way, @web2feed can now use the new features of the API to retweet messages based on hashtags and build user lists ;)

The Twitter OAuth PHP Class Gets Even Better

Or perhaps simpler?.. Together with the Twitter API itself, the TwitterOAuth PHP class (the one by Abraham Williams) is being updated too! According to GitHub the latest changeset was commited on December 3rd so yeah, I tried to take a look at what’s going on there a few days ago and was quite disapointed. Disappointed with the fact that all my previous code was broken without giving any reason.

Just like everybody else, I never read the readme or other documentation files so I dug straight into the class code and examples. Soon after I realized that the new changes were not that bad, so instead of the usual 5 lines of code, I shortened it up to only one. I stopped worrying about parsing XML or JSON, converting them to objects, and I stopped typing in the full address for Twitter API calls. Abraham did all that for us, so all we have left is:

$credentials = $oauth->get("account/verify_credentials");
if ($oauth->http_code == 200)
echo "Hey there, {$credentials->screen_name}!";

I’m not going to publish all the new features and stuff (read about them at GitHub), but hey, this is quite sweet isn’t it? The only drawback was having to rewrite some parts of the code I wrote for the past few months (the Twitter Robots stuff), but I guess that’s partly my bad as it’s not as organized as it should be. That’s the main reason why I’m not publishing the whole code here yet, have a lot of cleaning up to do ;)

Meanwhile you may take a look at this buddy: @web2feed. I turned off the auto-replies because they were getting quite annoying, and I’ve added a couple of feeds to the big list, oh and it’s DM controlled too!

Google Docs API: Client Login with PHP and Curl

A few days ago I started looking deeper into the Google Code APIs and threw a few experiments using the Google Documents List Data API. Unfortunately, the only library they have for the third version of their protocol is written in Java. There is a PHP wrapper for the first version of the protocol, but it totally depends on the Zend Framework. Here’s a little code snippet for logging into a Google Docs account (writely) using ClientLogin with Curl and PHP. The Auth string is stored into the $auth variable for later use.

// Construct an HTTP POST request
$clientlogin_url = "";
$clientlogin_post = array(
    "accountType" => "HOSTED_OR_GOOGLE",
    "Email" => "",
    "Passwd" => "yourgooglepassword",
    "service" => "writely",
    "source" => "your application name"

// Initialize the curl object
$curl = curl_init($clientlogin_url);

// Set some options (some for SHTTP)
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clientlogin_post);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

// Execute
$response = curl_exec($curl);

// Get the Auth string and save it
preg_match("/Auth=([a-z0-9_-]+)/i", $response, $matches);
$auth = $matches[1];

echo "The auth string is: " . $auth;

ClientLogin assumes you login once and use the auth string for all on-going requests (more info: ClientLogin – Google Code). Here’s a simple example of how to retrieve some data from a Google Docs account, show filename, author and file type. Make sure the simplexml php extension is installed and activated.

// Include the Auth string in the headers
// Together with the API version being used
$headers = array(
    "Authorization: GoogleLogin auth=" . $auth,
    "GData-Version: 3.0",

// Make the request
curl_setopt($curl, CURLOPT_URL, "");
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POST, false);

$response = curl_exec($curl);

// Parse the response
$response = simplexml_load_string($response);

// Output data
foreach($response->entry as $file) {
	echo "File: " . $file->title . "<br />";
	echo "Type: " . $file->content["type"] . "<br />";
	echo "Author: " . $file->author->name . "<br /><br />";

It seems though that Google Docs is purely for documents (spreadsheets and presentations) but not for actual files, as a JPEG I uploaded turned into a text/html type. It opens up in the text editor when viewing in Google Docs, and the nearest-to JPEG export format is PDF (just like all the other documents). So I guess there’s no way of reading and manipulating the raw image as if I would read and manipulate a file.

I came across a cool website which I believe the Googlers have made – Data Liberation:

Users should be able to control the data they store in any of Google’s products. Our team’s goal is to make it easier for them to move data in and out.

I’m working on a little project that involves image (and file) hosting, so the products I’m interested in are Google Docs and Picasa Web Albums. It seems that none of the two make it possible to store and work with files as if it was a flash disk or an FTP server. Google Docs is the closest one but there’s a huge limit on what kind of files you can upload and store. Picasa on the other hand is good for image storing, but the only way to export a set of images is to use their desktop software and Picasa Web, and of course no actual control over the files (edit, delete) via their Picasa Web API. If only it were a little bit closer to Amazon S3 …

Oh and you should probably use OAuth or AuthSub when working with Web Applications and Google APIs but anyways, this was just a quick example.

Create Your Own Automated Twitter Robot in PHP

The ultimate guide to creating your own personalized twitterfeed clone! Kidding… Actualy this is just a mockup, a simple prototype, which is way too fresh for any actual use. We’ll take this forward step by step. I’m not going to give out all my sources but I’ll guide you through authentication, rss lookup, parsing, thanking for retweets, and shooting random stuff at people that mention your robot.

Here’s a brief list of features we will implement:

  • Runs in console, no HTTP access
  • Authentication via OAuth, tweeting via OAuth
  • RSS lookup, parsing, forming tweets in bound of 140 characters including a postfix (hashtag or RT)
  • Tweeting ‘thank you for retweeting’ to users that retweet the robot
  • Following people that retweet the robot
  • Acting strange on users that mention the robot

All this is going to be setup on a linux box running crond and acting every 15 minutes or so. Are you ready? Let’s do it!

Continue reading

The Importance of Using Twitter API via OAuth

I hope you noticed the latest changes at I’m talking about the new Followers rate section thanks to the TwitterCounter API and of course something I’ve been dreaming about since the launch of the project. You view a profile at before making a decision about following that particular person or not, right? And yeah, we had a link at the bottom of the page that lead to their profile on Twitter, where you could click the follow button.

Now we’ve updated that section to a Twitter OAuth powered follow button. This means that once you authorize to use your Twitter profile without having to even input your username or password, you can follow people directly from, without having to do any extra clicks. Yeah, we’re ready to remove our beta label and as we promised we’re coming up with a few more features and optimizations.

Guess that’s enough for the news section. Now, back to the topic of this post. OAuth. Y’know at the very beginning I was thinking about giving people the chance to input their username and password on, but hey, that’s dangerous, right? I still see tonnes of websites and Twitter services, which are super cool, and yes, they still use basic authentication instead of OAuth. Seriously, it took me less than two hours to incorporate OAuth into and once somebody has authorized with you (on the server side) you’re able to do all the stuff with their account with no difference from baisc auth! No limitations at all! Please take a look at the Twitter OAuth Examples which include ready-to-use libraries (and classes) for the major programming languages including php, Python, Ruby, .NET and a bunch of others.

So, why bother switch to OAuth? Well, personally I hate websites and Twitter services that would ask me for my Twitter username and password, I start to think that they’re scam (don’t you?), even if they’re not. I repeat, I see tonnes of those, and I gave out my password only to a couple because I really, really wanted to see what’s inside. After that, I immediately picked a new password for my Twitter account. And yes, I really can’t wait till TweetDeck, Seesmic Desktop and the others implement OAuth into their apps. That would make them extra cool, seriously.

Here’s more! There’s also lots of discussion going on in the Twitter Development in Google Groups and I heard somebody mention that the source parameter for your apps will no longer be available sooner or later. Yep, they’re closing down the basic authentication method. I’m not sure when, and the Twitter API Wiki says that the date hasn’t been announced yet, but hey, you should do it now before it’s too late. OAuth applications won’t need any source parameter as Twitter already knows who they are after signing your app with them.

So dear friends, please switch your apps to OAuth, it’s very, VERY important.