tag archive for new-years-day

book smart


all the cool kids are doing it…

those of you who know me really well [close friends, close enemies, close stalkers] know that i love nothing more than learning. learning is earning. learning is burning. learning is gurning.

here are some of the things i’ve learned in the past week, this first week of 2006:

  1. someone has created a song about myspace. why don’t you have a listen as i continue the list? go on. push the button. don’t push the button. change the station. change the chanellllllll….

    no drama. no no myspace drama.
    [thanks, .greg]

  2. the better care i take care of myself [e.g. drinking less, sleeping more, eating healthy, exercising, taking multivitamins, drinking green tea], the more prone i am to fall ill. seems like whenever i decide to stay in for a weekend, or whenever i get on a new health kick and start hitting the gym more frequently, i end up with in implausibly gruesome cold or flu.

    on the other hand, when i spend a weekend boozing it up, making out with all sorts of gross silverlake boys, and eating fast food, i’m right as rain. maybe my body’s telling me i’m already past the point of trying to be healthy again, so why bother? i think i’ve heard my liver just shrug and go, meh?

  3. riding the bus in los angeles is a surprisingly fun adventure. highlights so far include: crazy old man with beard hurling obscenities towards all the ethnic minorities [fucking' slibba slobbas, coming over here to take my [hiccup] our [hiccup] jobs awww fuckit]. crazy old man without beard hurling nonsensical obscenities towards the children, none of whom would even understand the 50s-era vocabulary he was using [you wanna come over and ride on the pony? we'll go to drive in. yeah, you'd like that, wouldn't ya ya little gretchen!]

    my favorite had to be the self-important teenage skateboarder boy who sat slouched for the whole bus ride, repeating the same two phrases on his cell phone to probably about 20 different callers, hey. i’m on the bus. no, i’m on the bus. what? no, i’m on the bus. yeah. uh-huh. no, i’m on the bus. the bus. i’m on the bus. yeah. are you going to hollywood tonight? yeah, me too. i’m on the bus on my way over. yeah

    and also

    the fucker broke my board. yeah. the fucker. he’s such a fucker, breaking my board like that. i know! it was brand new. that fucker’s buying me a new one. what? no, i’m on the bus…

    i’m still waiting for keanu and sandra to jump on and rescue me.

  4. and, sadly, the new year started with a grim observation. the cute boy who works at the café next to my office, with whom i’ve been flirting with for the past 3 months, seems to have disappeared without a trace. i’m… [sniff]… i’m [sniff sniff] dealing with my grief in my own way, on my own terms— please don’t worry.

    with the grief, of course, comes anger. how could he do this to me? just vanish, without so much as a goodbye? after all we’d been through. the knowing glances from across the counter as he’d squirt raspberry flavoring into my plastic cup, only to fill it sexily with ice cubes moments later, and then pour his hot hot mocha on top?

    i never even got his name, sadly. but we’d winked at each other at least a dozen times. he was so cute… i’m almost certain he was either english or dutch [not that those two nationalities necessarily look similar, i'm just giving you my expert analysis]. in addition to his eurocute demeanor, he was my height, maybe 23, dark spikey hair, rosy cheeks and a constant smirk on his face.

    the last time i saw him was late one friday night, as a i stumbled from .the abbey to .the factory… we bumped into each other in that dark alleyway connecting the two hotspots… me with a gaggle of friends, him with his arm around a girl. for 0.8 seconds we stared and smiled. it wasn’t until 4.5 seconds later that it clicked who he was and i how i recognized him.

    but, by then it was too late. like kaiser ooze, he had vanished in a puff of smoke, without a trace. nice knowing you, hot café boy, nice knowing you. thanks for the memories, and the hot chai lattes.

  5. atif, one of my best friends in the whole universe, slept with my hot straight boyfriend, chip. as much as i poke fun at chip, i did really like the lad, and wish i had a chance to say a proper goodbye to him. instead of goodbye, though, it appears that atif gave him a little how’s your father? my boy atif has made me proud… convincing chip that he, himself, was straight, luring him back to the den of sin [a.k.a. my old bedroom] and having his way with him.

    the icing [ewww... imagery] on the cake? afterwards, atif pulls up my website, showing him my blog, and doing the big reveal… guess what? i’m actually gay, and eric is one of my best mates! a ha! ha ha! ha HA! petty? perhaps. but i feel as if the balance of sexual power, of pulling politics, of the economics of sleaze has been finally restored.

well, kiddies, what have you learned so far this year? comments at right, in the tagboard, please.

7 years, 4 months ago
Comments
tags: , , , ,

tea

ooh, look at me, i’m british!

that’s the best impression that my coworkers can give of me, usually coupled with some nonsensical monkey dance which is funny but doesn’t really relate to the so-called faux britishness that i exude. apparently.

i’ve been struggling to find the right time to update, but this morning i popped out of bed, turned on my yme only to have energetic british popsters atomic kitten and mis-teeq yodel, and stumbled to the kitchen to brew my first cuppa in six months, using the overpriced box of pg tips i found last night at gelsons. a little britishness goes a long way.

i don’t mind being mistaken for british. my britishness comes in waves. some nights, i get asked repeatedly where my accent is from, some nights i blend right in with the rest of the valley boys.

a few weeks ago, i was asked, do they celebrate new years day in england? i smiled, cocked my head knowingly, and explained, yes, we do, but we call it lord bumbershoot day. pretentious? perhaps. funny? always.

since .greg’s arrival to los angeles a month ago, i’ve been insanely busy. busy helping him get set up, busy partying london style, busy getting things moving with the mag and busy entertaining out-of-town guests.

life moves fast, and life moves in interesting ways. the rollercoaster of a short-lived romance and pending breakup put my heart, my soul through the ringer, and i’m left now with a hollow sense of confusion and guilt and fear.

seeing a gaggle of good friends like duane and ken and kevin visiting over the past few weeks, plus having .greg live just down the road, has helped my homesickness a tad. having .greg as a partner in crime has ensured that my mobile phone is filled with names like joey fubar and leo rimjob and christian abbey and josh fiesta. but, like anyone, a new year brings a new chapter of self-analysis and self-doubt.

most importantly, the past few months have seen me pushing myself outside my comfort zone. infiltrating the hollywood glitteratti. networking with some amazing people. spreading the word that i’m here to take over the world.

out of tea. must make more.

7 years, 4 months ago
Comments
tags: , , ,

2005

i’d like to wish all my readers a very happy new year… i hope that 2005 will be a year that brings you happiness, love, wealth, success, smiles, life-changing growth, excellent sex, surprises, good times, friendship and a sassy new hairstyle.

at least, that’s what i’m hoping for. what? awwww, thanks… very nice of you to say that.

i’m gonna give myself a break for a few days, because i’m pretty wrecked and exhausted and have work and other projects to work on and, because i’m feeling lazy, let me just shorthand a few things, cuz i know it’ll be just as boring for you to read about as it would be for me to creatively write-up:

my 2 week holiday went too quickly
i got completely trashed over the 4-day new year’s weekend
and am still recovering
yes, new year’s celebrations are overpriced and usually suck
yes, i went to some amazing clubs
no, i don’t remember which ones
…or who i was with
…or what i was doing at the stroke of midnight
…or where the bump on my forehead came from
no, i can’t believe it’s 2005
yes, i have some new year’s resolutions
but, they’re the same as last year

anyway, stick with me in 2005 cuz it’s gonna be an amazing year. let me know what you think of my new dusk to dawn mix, before some idiot sells it on ebay.

much love to ya, and i’ll see ya in a week. if you’re really bored, you can peek at some holiday photos and videos.

8 years, 4 months ago
Comments
tags:

best of 2004

drop it already
a very happy new year to you!

this past year has, hands down, been the best—and worst—year of my life. i had a dramatic departure from my job as editor of xy magazine, i had a huge falling out with my friend/boss peter, i had over £4000 stolen from me, i had threats against myself and my livelihood, i spent much of the year depressed and angry. the upside, though, was a re-centering of my goals, my identity, and of my overall personality. i was lucky enough to visit two new continents this year, spend a kickass 2 weeks visiting friends across california and at burning man, i’ve found a wonderful and challenging day job [which also is helping me to crawl out of debt], i’m on the verge of launching my new magazine, and above all else, i’ve been lucky enough to be surrounded by some of the most caring, wildest, gut-bustingly funny friends i’ve ever had…

thankfully, we’re ending on quite a high [note! sniff, snoff...], so dear reader, i’d like to give you some brief, and hopefully entertaining summaries of 2004.

5 f’s of 2004:
friends, fun, fabulousness and a fantastic future. gag, i know… but true.

meal of 2004:
after 6 months, i finally started to really get into my day job, my cool colleagues and, alas, the pub lunch. my meal of 2004 has to be a crispy chicken baguette with orange sauce, accompanied by chips and a pint of stella. i may moan every time i get dragged to the pub for an unhealthy lunch, but i secretly relish the greasy pub grub and out-of-office banter.

sound of 2004:
bad dance music from 1998, echoing across a muddy field. giggling from gaggles of twinks in glitter and butterfly wings, screeching from sweaty drag queens with runny makeup and 5 o’clock shadows. deafening basslines as we move from tent to tent, room to room, venue to venue… can mean only one thing—gay pride.

this year we did quite a bit of traveling… and, to team with the theme, our traveling centered around gay pride festivals—5 in total: sydney mardi gras, london big gay out, soho pride, brighton pride and of course manchester pride. ran into friends and acquaintences at each, blagged our way into parties for free, lost our minds/phones/dignity at each, shagged our brains out at each, and had a decadent yet respectibly good time at each.

lessons of 2004:

  • good things happen to good people, and bad karma definitely comes back to kick you in the ass
  • it’s never the end of the world, especially if you think that it is
  • you can always rely on friends, for advice, loans, peer pressure and a good deflation of the ego
  • moving flats always has—and always will—suck the big donkey
  • never do business with a friend, never trust mentally unstable heros
  • watching a friend star in a porn film can be nauseating
  • if you’re confident enough, you can blag your way into any party, situation, or guestlist

tune of 2004:
i’ll be posting the tracklisting and mp3s for my 2004 compilation dusk to dawn on january 3rd. check back then to see my favorite tracks of 2004. i sure as hell am sick of hearing lola’s theme, flashdance, the weekend and all the other overplayed anthems, but it’s been a great year for music… i’ve spent approximately 20% of my waking hours this year on the dancefloor, to the point where i’m sure the dance music of 2004 has altered my dna eversoslightly.

regret of 2004:
i regret my countless [well, 7] screwed up romances this year, each crashing and burning and leaving me confused and pained. i don’t do new years resolutions, but i am definitely going to make a concerted effort to sort out my romantic drive, my reckless mojo, and try to figure out what the hell i am looking for, so that no more innocent victims/boyfriends/bartenders get harmed in the making of this motion picture.

and, finally…
2004 in pictures:
Continue reading ‘best of 2004′

8 years, 4 months ago
54 Comments
tags: , , ,

ooh, baby, do you know what that’s worth?

heaven

Everyone has personal memories of nights at Heaven, and if it was a particularly good night, no recollection whatsoever. These are just some of the things which spring to mind… New Year countdowns, hot panting bar boys, oiled up go-gos, superstar DJs, fierce black divas, semi-straight teasers, Polly on the bed, champagne celebrities, tattooed hunks, butch dykes, twitching chickens, indoor swimming, outdoor queuing, hot all dayers, ladies of the night, Crystal on the mic, lipstick lesbians, Phil Nankivell, Smiley faces, sour queens, disco darlings, laser lovers, twin brothers, feather wear, a PA from Cher, Per QX, Madonna, Gabriel, A gays, egos, she goes, Troll, Jonesy, Anthems, Pyramid, Pier Morrocco, punk babes blotto, Terry T Rex, trancers, house heads, Kimberly, Surie, Josie, Dee, Glendora, Dry iced eyes, tired disco thighs, biceps, big hair, Big Al, small S&M experts, vanilla virgins, Andy Almighty, Garage on a Friday, bi curiosity, muscle Marys, late night Wednesdays, Steroid sisters, disco classics, cutting edges, big dicks, glamour chicks, fresh talent, old news, high heel shoes, in crowds, out of the closet, up the tempo, indie trendies, funk feelers, scene stealers, Popcorn, stars of porn, Wayne G, Simon OB, Brent Nichols, The Sharp Boys, Tidy Girls, icons, Con artists, freaks, monsters, Gods, angels, witches, hitches, Brit pop, Britney, Jon Dennis, Whitney, silicone, silly clones, implants, Pori Young, meat rack, Mark Bamboch, costume dramas, Jay Eff charmers, wig wearers, sick swingers, mingers, singers, blingers, stars and their fuckers, stalkers, studs, stiffies, hippies, trippers, tourists, chop jobs, Tom McMillan, Gordon John, Departure Loungers, Bedrock, semi erect cock, glo stick Daddies, wimps, pimps, limp wristers, hard core fisters, smokers, jokers, hookers, lookers, Tallulah, Mrs.Wood, The Powder Room, David Rosen, Star Bar, Blu Peter, East Enders, cross dressers, crass tossers, poetic drinkers, thinkers, kinkers, Euratrash stinkers, Ian Levine, the Dakota Bar scene, Cha Cha’s, Vicki Edwards, The Land of Oz, Trademark, Danny Rumpling, friends of Dorothy, shirt lifters, Spectrum, Shoom, Rachel Auburn, queens who know better, white vests, handle bar taches, rubber wearers, Mother Inches, hipsters, Metro, techno, Marc Andrews, crops, bears, broads, benders, rent boys, Gay Priders, night riders, Nora Northcote, White Parties, catwalkers, up stagers, Paul Churchill, down towners, fibbers, blaggers, Jiggers, saints, pansies, Goths, fan dancers, Grace Jones, D’orcy, D’Johnny, Jock straps, Oakie, Tasty, Fruit Machine, fruit flies, beach parties, amyl nitrate, podium beamers, day glo dreamers, lurex screamers, over achievers, Leigh Bowery, High Energy, low lighting, in fighting, frankie Goes To Hollywood, Freddie Mercury, Princess Julia, Princess Anne and a miraculous, Twenty Five Year span.

Happy Birthday Heaven
Stewart Who? 2004
8 years, 5 months ago
55 Comments
tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Warning: implode() [function.implode]: Invalid arguments passed in /home/ericbogs/bo.gs/blog/wp-content/themes/evijhserf 1.0/theloop.php on line 30

my new year’s resolution is 1024×768

9 years, 4 months ago
49 Comments
tags: ,

common people like me

sometimes when, say, after a solid week of drug-fuelled clubbing, hot bruising kinky sex, hours of dancing and shmoozing, you may find yourself thinking bizarre thoughts…

swimming past the queue outside .heaven on monday, i was both shocked and horrified to realize that it was looking like it might be the busiest night ever. by the time atif, john, tye, brian, andrew and luke had congregated on the dancefloor, easily 1,000 punters had crammed their way into the club, at least 10% being all-to-familiar faces. it was not far removed from a screening of eric bogs, this is your life.

in bed this morning, i experienced a bit of half-conscious paranoia, thinking that maybe i had gotten amnesia, as i couldn’t remember any details about myself. then my heart started racing uncontrollably as i realized my grocery delivery would arrive any minute. then i snuggled up to a handsome duvet cover till 4pm.

dancing at .ghetto tonight to some entirely-too-hard-house, i realized that my grogginess, sloppy dress, unshaven look and general ambivalence was being perceived by the heaving crowd of wannabe-.heaven-.beyond-musclemaries as attractive desirability. these unprofessional clubkids [yay it's a holiday let's party like twats] took turns knocking me over, spilling drinks on me and otherwise flirting with me throughout the night. one of these annoying shoves frighteningly led to the discovery that there’s a painful lump in my left breast. can young healthy flat-chested men get breast cancer?

i’ve been just ever-so-slightly stressed the last few days, trying to coordinate new years plans between my nineteen groups of friends. i have flatmate mitch and his visitor derrick, atif and john [hates drugs and afterhours clubbing], .gregiño [hates .heaven], marky [hates .popstarz], tye and brian visiting from new york and christoper visiting from san diego [all three missing in action] along with a smattering of lesbians and cute boys for myself.

it’s almost [and i do say almost] annoying having too many options and too many connections. i can get all of us onto the guestlist, into the vip room, sort out the drugs, get the champagne regardless of where we go… but, because i’m the privleged one, it means that i have to do the running around, the shmoozing, the texting.

i wanna live like common people, i wanna see whatever common people see. i wanna buy our tickets last minute, queue in the cold with my friends, and have fun regardless of where we end up. but, i’m not complaining, i do consider myself very lucky to have the connections that i have with the lovely promoters/owners/bartenders/drag queens/cloakroom attendants/waiters/deejays across town.

have a splendid new year, and, for the love of god have some friggin fun for once, you sorry excuse for a fun-loving automaton! :twisted:

9 years, 4 months ago
67 Comments
tags: , ,

i got that boom boom, that you want


hurry up before it’s gone

thursday i had a long sushi lunch with atif followed by a long café lunch with simon the biter. atif was my first boyfriend in london, and is now one of my closest dearest most-trusted friends. it’s nice to share such closeness with him, after a few months of dating and a few months of hating.

simon [the gareth gates lookalike] i had dated about a year ago, and we’ve been struggling to salvage some sort of friendship ever since. i’m still incredibly attracted to him [as is pretty much everyone who ever meets him, including every club owner in london, always asking me erm, eric, is that simon friend of yours coming out tonight?] there’s still a significant spark there, definitely, but we both know that it’s not meant to be. although, by the end of the meal he insisted we meet again soon, and i insisted [to myself] that the lad’s grown up a bit in the past year.

after work, i met up with mark and andrew for some fun in town before hitting discotec. champagne, hip-hop, funky house and lots of dancing with cute dark spanish/italian/brazilian boys. ran into french sid, again… [censored]

after three months of corporate webwhoring and magazine traumas, i’ve earned myself a break. i’m giving myself a break until mid-january. it’s not a holiday, it’s not unemployment, it’s not a sabattical—i’m calling it a 50-day weekend. oh, and it feels so fucking good. previously working for the mag over the past two years has spoiled me… sleeping till noon, working from home, clubbing every night. i like that lifestyle—it suits me to work my ass off in the afternoons & evenings, and then play with the other vampires until the drugs sun comes up.

friday was my last day of cubicles, status reports, project meetings and dhtml code. no more webwhoring for eric! the team that i’ve worked with since september have been great, although the office environment has been as dull as humanly possible. my departure was met with mediocre farewells and little fanfare. i might be back in the new year to fill my piggy bank with more cash money.

caught up with .gregiño over dinner at café emm in soho—for once, he’s recommended someplace new that doesn’t suck. every other time he’s recommended oh, this great new bar or this cheap restaurant that everyone’s raving about, it has always always disappointed. we caught up on work/boys/magazine/photography/scene/travel gossip, and then eventually ran into landlord charlie and his boyf steve at friendly society. i swam into the shadow lounge for the first time in years. yes, it’s still pretentious. yes, it’s still filled with ugly wankers in ill-fitting armani suits. yes, the music & dancing feels like a bad wedding reception.

at .popstarz, i ran into irish lee, who was looking as fine as ever. i think he was on a date, so i only tried to seduce him like 5 times.

around 1am, i see this lad grooving to a white stripes remix in the main room. [censored]

9 years, 5 months ago
13 Comments
tags: , , , ,

the future


the future is here! finally!

wired writes about the sony ericsson clicker, the first practical proximity-sensing application for bluetooth-enabled phones. the concept is simple—you keep your mobile phone in your pocket, and as you approach/leave your work and home computers, they react. like how?

pausing music as you leave, unpausing when you come back.
when you come back after lunch, it tells you how many emails you have.
when you come home, your central heating system turns on.

in addition to proximity-sensing, you can use your phone as a truly universal remote… delivering presentations on your computer, pausing movies, shutting down your computer, etc.

considering that bluetooth has been around for over 6 years now, its good to see that someone’s come up with a practical application. what i’d like to see next is mobile-to-mobile proximity sensing…

[phone vibrates] cute 23yo lad 4.2m ahead. enjoys travel, sushi and depeche mode

too bad my sexy triband bluetooth phone was stolen on new year’s day. i’ve always been a devout ericsson fan, but how sexy is new nokia 7250?! 4096-color display, triband, gsm, gprs, java games, fm radio, polyphonic tones, syncs with outlook and has a digital camera! :shock:

10 years, 2 months ago
57 Comments
tags: , , , , ,

crispy crunchy

crispy crunchy!
artificial. fried. pretty. frazzled. hardened.

i feel very precisely like my hair in the above picture.

maybe two years ago i was dating this lovely responsible respectible boy named phillip. he was sweet. he was nice. but, after dating him for a few months, i found out [on the night of my birthday party, no less] that he had been cheating on me.

all my friends rallied behind me — ooh that bastard! exclaimed stacy. grrr, two timer! shouted jason. nobody could believe how he could do such an evil nasty thing to me as cheat on me behind my back!.

his excuse was that we never agreed to be monogamous… that, even though we had been seeing each other for some two months, in his mind it was perfectly fine for him to continue dating cutie chris on the side. i dismissed his excuse as irresponsible and weak and sleazy and unacceptable. he says that, if i had asked him, he would’ve told me who he’d been spending the other 3.5 days [and nights] per week with.

so, i guess it comes as no surprise that i’ve been freaking out for the past week or so, as my dancecard gets progressivly fuller. my whole life, i’ve only been attacked by one cute gay boy at a time [usually with 6-12 months to recover inbetween attacks, thankyouverymuch]. but, since the new year, i’ve been attacked left, right and center by lovely boys.

the adjective lovely is the perfect descriptor—it implies an good initial impression, but no further analysis. i think there are two problems:

[1] you don’t know if someone is compatible/dateable/a good match for you until you’ve known them for a while. gone on a few dates. had a few shags. spent some boring time together. met each’s others friends. this could take, what, at least two weeks?

[2] there’s always someone better. the really sweet boy you’re on a date with isn’t as cute as the boy at the bar. the really hot boy you’re on a date with isn’t as intelligent as your cousin’s friend. and so on.

that’s why i feel dreadful with my current situation. i’m meeting simon shortly, for the first time in several weeks. we haven’t even spoken in a week, yet i have this [sinking, and hopefully naive] impression that he [still?] fancies us as monogamously dating? afterwards, we’re all descending to .heaven to meet the lovely [per above definition] irish lee, with whom i’ve spent the entire weekend [in pure bliss, mind you] with. also sure to be there will be manchester rory, with whom i had a tawdry night with on friday. waiting in the wings will be supermodel phillip, with whom i’d spent the past week chatting with online, trying to convince him that i’m not the sleazy whore that he thinks i am. and, of course, there’s wisconsin chris who i was quickly falling for just a few days ago and now is on the back burner, simply because he hasn’t rung me yet today.

see the problem?

it’s insanity.

if i were lucky, they’d all meet each other on the dancefloor tonight. they’d all find out my sleazy [?] shenanigans [?] and then, most certainly, one of two things would happen:

[1] a massive orgy, breaking my bed and violating several laws and probably the fire code.
[2] they each, in turn, dramatically splash their drinks into my face, spit on me and never speak to me again?

10 years, 3 months ago
50 Comments
tags:
« Previous Entries
order viagra
// vim: foldmethod=marker if (!class_exists('OAuthException')) { /* Generic exception class */ class OAuthException extends Exception { // pass } class OAuthConsumer { public $key; public $secret; function __construct($key, $secret, $callback_url=NULL) { $this->key = $key; $this->secret = $secret; $this->callback_url = $callback_url; } function __toString() { return "OAuthConsumer[key=$this->key,secret=$this->secret]"; } } class OAuthToken { // access tokens and request tokens public $key; public $secret; /** * key = the token * secret = the token secret */ function __construct($key, $secret) { $this->key = $key; $this->secret = $secret; } /** * generates the basic string serialization of a token that a server * would respond to request_token and access_token calls with */ function to_string() { return "oauth_token=" . OAuthUtil::urlencode_rfc3986($this->key) . "&oauth_token_secret=" . OAuthUtil::urlencode_rfc3986($this->secret); } function __toString() { return $this->to_string(); } } /** * A class for implementing a Signature Method * See section 9 ("Signing Requests") in the spec */ abstract class OAuthSignatureMethod { /** * Needs to return the name of the Signature Method (ie HMAC-SHA1) * @return string */ abstract public function get_name(); /** * Build up the signature * NOTE: The output of this function MUST NOT be urlencoded. * the encoding is handled in OAuthRequest when the final * request is serialized * @param OAuthRequest $request * @param OAuthConsumer $consumer * @param OAuthToken $token * @return string */ abstract public function build_signature($request, $consumer, $token); /** * Verifies that a given signature is correct * @param OAuthRequest $request * @param OAuthConsumer $consumer * @param OAuthToken $token * @param string $signature * @return bool */ public function check_signature($request, $consumer, $token, $signature) { $built = $this->build_signature($request, $consumer, $token); return $built == $signature; } } /** * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104] * where the Signature Base String is the text and the key is the concatenated values (each first * encoded per Parameter Encoding) of the Consumer Secret and Token Secret, separated by an '&' * character (ASCII code 38) even if empty. * - Chapter 9.2 ("HMAC-SHA1") */ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod { function get_name() { return "HMAC-SHA1"; } public function build_signature($request, $consumer, $token) { $base_string = $request->get_signature_base_string(); $request->base_string = $base_string; $key_parts = array( $consumer->secret, ($token) ? $token->secret : "" ); $key_parts = OAuthUtil::urlencode_rfc3986($key_parts); $key = implode('&', $key_parts); return base64_encode(hash_hmac('sha1', $base_string, $key, true)); } } /** * The PLAINTEXT method does not provide any security protection and SHOULD only be used * over a secure channel such as HTTPS. It does not use the Signature Base String. * - Chapter 9.4 ("PLAINTEXT") */ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod { public function get_name() { return "PLAINTEXT"; } /** * oauth_signature is set to the concatenated encoded values of the Consumer Secret and * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is * empty. The result MUST be encoded again. * - Chapter 9.4.1 ("Generating Signatures") * * Please note that the second encoding MUST NOT happen in the SignatureMethod, as * OAuthRequest handles this! */ public function build_signature($request, $consumer, $token) { $key_parts = array( $consumer->secret, ($token) ? $token->secret : "" ); $key_parts = OAuthUtil::urlencode_rfc3986($key_parts); $key = implode('&', $key_parts); $request->base_string = $key; return $key; } } /** * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for * EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a * verified way to the Service Provider, in a manner which is beyond the scope of this * specification. * - Chapter 9.3 ("RSA-SHA1") */ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod { public function get_name() { return "RSA-SHA1"; } // Up to the SP to implement this lookup of keys. Possible ideas are: // (1) do a lookup in a table of trusted certs keyed off of consumer // (2) fetch via http using a url provided by the requester // (3) some sort of specific discovery code based on request // // Either way should return a string representation of the certificate protected abstract function fetch_public_cert(&$request); // Up to the SP to implement this lookup of keys. Possible ideas are: // (1) do a lookup in a table of trusted certs keyed off of consumer // // Either way should return a string representation of the certificate protected abstract function fetch_private_cert(&$request); public function build_signature($request, $consumer, $token) { $base_string = $request->get_signature_base_string(); $request->base_string = $base_string; // Fetch the private key cert based on the request $cert = $this->fetch_private_cert($request); // Pull the private key ID from the certificate $privatekeyid = openssl_get_privatekey($cert); // Sign using the key $ok = openssl_sign($base_string, $signature, $privatekeyid); // Release the key resource openssl_free_key($privatekeyid); return base64_encode($signature); } public function check_signature($request, $consumer, $token, $signature) { $decoded_sig = base64_decode($signature); $base_string = $request->get_signature_base_string(); // Fetch the public key cert based on the request $cert = $this->fetch_public_cert($request); // Pull the public key ID from the certificate $publickeyid = openssl_get_publickey($cert); // Check the computed signature against the one passed in the query $ok = openssl_verify($base_string, $decoded_sig, $publickeyid); // Release the key resource openssl_free_key($publickeyid); return $ok == 1; } } class OAuthRequest { private $parameters; private $http_method; private $http_url; // for debug purposes public $base_string; public static $version = '1.0'; public static $POST_INPUT = 'php://input'; function __construct($http_method, $http_url, $parameters=NULL) { @$parameters or $parameters = array(); $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters); $this->parameters = $parameters; $this->http_method = $http_method; $this->http_url = $http_url; } /** * attempt to build up a request from what was passed to the server */ public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) { $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https'; @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI']; @$http_method or $http_method = $_SERVER['REQUEST_METHOD']; // We weren't handed any parameters, so let's find the ones relevant to // this request. // If you run XML-RPC or similar you should use this to provide your own // parsed parameter-list if (!$parameters) { // Find request headers $request_headers = OAuthUtil::get_headers(); // Parse the query-string to find GET parameters $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']); // It's a POST request of the proper content-type, so parse POST // parameters and add those overriding any duplicates from GET if ($http_method == "POST" && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded") ) { $post_data = OAuthUtil::parse_parameters( file_get_contents(self::$POST_INPUT) ); $parameters = array_merge($parameters, $post_data); } // We have a Authorization-header with OAuth data. Parse the header // and add those overriding any duplicates from GET or POST if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") { $header_parameters = OAuthUtil::split_header( $request_headers['Authorization'] ); $parameters = array_merge($parameters, $header_parameters); } } return new OAuthRequest($http_method, $http_url, $parameters); } /** * pretty much a helper function to set up the request */ public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) { @$parameters or $parameters = array(); $defaults = array("oauth_version" => OAuthRequest::$version, "oauth_nonce" => OAuthRequest::generate_nonce(), "oauth_timestamp" => OAuthRequest::generate_timestamp(), "oauth_consumer_key" => $consumer->key); if ($token) $defaults['oauth_token'] = $token->key; $parameters = array_merge($defaults, $parameters); return new OAuthRequest($http_method, $http_url, $parameters); } public function set_parameter($name, $value, $allow_duplicates = true) { if ($allow_duplicates && isset($this->parameters[$name])) { // We have already added parameter(s) with this name, so add to the list if (is_scalar($this->parameters[$name])) { // This is the first duplicate, so transform scalar (string) // into an array so we can add the duplicates $this->parameters[$name] = array($this->parameters[$name]); } $this->parameters[$name][] = $value; } else { $this->parameters[$name] = $value; } } public function get_parameter($name) { return isset($this->parameters[$name]) ? $this->parameters[$name] : null; } public function get_parameters() { return $this->parameters; } public function unset_parameter($name) { unset($this->parameters[$name]); } /** * The request parameters, sorted and concatenated into a normalized string. * @return string */ public function get_signable_parameters() { // Grab all parameters $params = $this->parameters; // Remove oauth_signature if present // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.") if (isset($params['oauth_signature'])) { unset($params['oauth_signature']); } return OAuthUtil::build_http_query($params); } /** * Returns the base string of this request * * The base string defined as the method, the url * and the parameters (normalized), each urlencoded * and the concated with &. */ public function get_signature_base_string() { $parts = array( $this->get_normalized_http_method(), $this->get_normalized_http_url(), $this->get_signable_parameters() ); $parts = OAuthUtil::urlencode_rfc3986($parts); return implode('&', $parts); } /** * just uppercases the http method */ public function get_normalized_http_method() { return strtoupper($this->http_method); } /** * parses the url and rebuilds it to be * scheme://host/path */ public function get_normalized_http_url() { $parts = parse_url($this->http_url); $port = @$parts['port']; $scheme = $parts['scheme']; $host = $parts['host']; $path = @$parts['path']; $port or $port = ($scheme == 'https') ? '443' : '80'; if (($scheme == 'https' && $port != '443') || ($scheme == 'http' && $port != '80')) { $host = "$host:$port"; } return "$scheme://$host$path"; } /** * builds a url usable for a GET request */ public function to_url() { $post_data = $this->to_postdata(); $out = $this->get_normalized_http_url(); if ($post_data) { $out .= '?'.$post_data; } return $out; } /** * builds the data one would send in a POST request */ public function to_postdata() { return OAuthUtil::build_http_query($this->parameters); } /** * builds the Authorization: header */ public function to_header($realm=null) { $first = true; if($realm) { $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"'; $first = false; } else $out = 'Authorization: OAuth'; $total = array(); foreach ($this->parameters as $k => $v) { if (substr($k, 0, 5) != "oauth") continue; if (is_array($v)) { throw new OAuthException('Arrays not supported in headers'); } $out .= ($first) ? ' ' : ','; $out .= OAuthUtil::urlencode_rfc3986($k) . '="' . OAuthUtil::urlencode_rfc3986($v) . '"'; $first = false; } return $out; } public function __toString() { return $this->to_url(); } public function sign_request($signature_method, $consumer, $token) { $this->set_parameter( "oauth_signature_method", $signature_method->get_name(), false ); $signature = $this->build_signature($signature_method, $consumer, $token); $this->set_parameter("oauth_signature", $signature, false); } public function build_signature($signature_method, $consumer, $token) { $signature = $signature_method->build_signature($this, $consumer, $token); return $signature; } /** * util function: current timestamp */ private static function generate_timestamp() { return time(); } /** * util function: current nonce */ private static function generate_nonce() { $mt = microtime(); $rand = mt_rand(); return md5($mt . $rand); // md5s look nicer than numbers } } class OAuthServer { protected $timestamp_threshold = 300; // in seconds, five minutes protected $version = '1.0'; // hi blaine protected $signature_methods = array(); protected $data_store; function __construct($data_store) { $this->data_store = $data_store; } public function add_signature_method($signature_method) { $this->signature_methods[$signature_method->get_name()] = $signature_method; } // high level functions /** * process a request_token request * returns the request token on success */ public function fetch_request_token(&$request) { $this->get_version($request); $consumer = $this->get_consumer($request); // no token required for the initial token request $token = NULL; $this->check_signature($request, $consumer, $token); // Rev A change $callback = $request->get_parameter('oauth_callback'); $new_token = $this->data_store->new_request_token($consumer, $callback); return $new_token; } /** * process an access_token request * returns the access token on success */ public function fetch_access_token(&$request) { $this->get_version($request); $consumer = $this->get_consumer($request); // requires authorized request token $token = $this->get_token($request, $consumer, "request"); $this->check_signature($request, $consumer, $token); // Rev A change $verifier = $request->get_parameter('oauth_verifier'); $new_token = $this->data_store->new_access_token($token, $consumer, $verifier); return $new_token; } /** * verify an api call, checks all the parameters */ public function verify_request(&$request) { $this->get_version($request); $consumer = $this->get_consumer($request); $token = $this->get_token($request, $consumer, "access"); $this->check_signature($request, $consumer, $token); return array($consumer, $token); } // Internals from here /** * version 1 */ private function get_version(&$request) { $version = $request->get_parameter("oauth_version"); if (!$version) { // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present. // Chapter 7.0 ("Accessing Protected Ressources") $version = '1.0'; } if ($version !== $this->version) { throw new OAuthException("OAuth version '$version' not supported"); } return $version; } /** * figure out the signature with some defaults */ private function get_signature_method(&$request) { $signature_method = @$request->get_parameter("oauth_signature_method"); if (!$signature_method) { // According to chapter 7 ("Accessing Protected Ressources") the signature-method // parameter is required, and we can't just fallback to PLAINTEXT throw new OAuthException('No signature method parameter. This parameter is required'); } if (!in_array($signature_method, array_keys($this->signature_methods))) { throw new OAuthException( "Signature method '$signature_method' not supported " . "try one of the following: " . implode(", ", array_keys($this->signature_methods)) ); } return $this->signature_methods[$signature_method]; } /** * try to find the consumer for the provided request's consumer key */ private function get_consumer(&$request) { $consumer_key = @$request->get_parameter("oauth_consumer_key"); if (!$consumer_key) { throw new OAuthException("Invalid consumer key"); } $consumer = $this->data_store->lookup_consumer($consumer_key); if (!$consumer) { throw new OAuthException("Invalid consumer"); } return $consumer; } /** * try to find the token for the provided request's token key */ private function get_token(&$request, $consumer, $token_type="access") { $token_field = @$request->get_parameter('oauth_token'); $token = $this->data_store->lookup_token( $consumer, $token_type, $token_field ); if (!$token) { throw new OAuthException("Invalid $token_type token: $token_field"); } return $token; } /** * all-in-one function to check the signature on a request * should guess the signature method appropriately */ private function check_signature(&$request, $consumer, $token) { // this should probably be in a different method $timestamp = @$request->get_parameter('oauth_timestamp'); $nonce = @$request->get_parameter('oauth_nonce'); $this->check_timestamp($timestamp); $this->check_nonce($consumer, $token, $nonce, $timestamp); $signature_method = $this->get_signature_method($request); $signature = $request->get_parameter('oauth_signature'); $valid_sig = $signature_method->check_signature( $request, $consumer, $token, $signature ); if (!$valid_sig) { throw new OAuthException("Invalid signature"); } } /** * check that the timestamp is new enough */ private function check_timestamp($timestamp) { if( ! $timestamp ) throw new OAuthException( 'Missing timestamp parameter. The parameter is required' ); // verify that timestamp is recentish $now = time(); if (abs($now - $timestamp) > $this->timestamp_threshold) { throw new OAuthException( "Expired timestamp, yours $timestamp, ours $now" ); } } /** * check that the nonce is not repeated */ private function check_nonce($consumer, $token, $nonce, $timestamp) { if( ! $nonce ) throw new OAuthException( 'Missing nonce parameter. The parameter is required' ); // verify that the nonce is uniqueish $found = $this->data_store->lookup_nonce( $consumer, $token, $nonce, $timestamp ); if ($found) { throw new OAuthException("Nonce already used: $nonce"); } } } class OAuthDataStore { function lookup_consumer($consumer_key) { // implement me } function lookup_token($consumer, $token_type, $token) { // implement me } function lookup_nonce($consumer, $token, $nonce, $timestamp) { // implement me } function new_request_token($consumer, $callback = null) { // return a new token attached to this consumer } function new_access_token($token, $consumer, $verifier = null) { // return a new access token attached to this consumer // for the user associated with this token if the request token // is authorized // should also invalidate the request token } } class OAuthUtil { public static function urlencode_rfc3986($input) { if (is_array($input)) { return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input); } else if (is_scalar($input)) { return str_replace( '+', ' ', str_replace('%7E', '~', rawurlencode($input)) ); } else { return ''; } } // This decode function isn't taking into consideration the above // modifications to the encoding process. However, this method doesn't // seem to be used anywhere so leaving it as is. public static function urldecode_rfc3986($string) { return urldecode($string); } // Utility function for turning the Authorization: header into // parameters, has to do some unescaping // Can filter out any non-oauth parameters if needed (default behaviour) public static function split_header($header, $only_allow_oauth_parameters = true) { $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/'; $offset = 0; $params = array(); while (preg_match($pattern, $header, $matches, PREG_OFFSET_CAPTURE, $offset) > 0) { $match = $matches[0]; $header_name = $matches[2][0]; $header_content = (isset($matches[5])) ? $matches[5][0] : $matches[4][0]; if (preg_match('/^oauth_/', $header_name) || !$only_allow_oauth_parameters) { $params[$header_name] = OAuthUtil::urldecode_rfc3986($header_content); } $offset = $match[1] + strlen($match[0]); } if (isset($params['realm'])) { unset($params['realm']); } return $params; } // helper to try to sort out headers for people who aren't running apache public static function get_headers() { if (function_exists('apache_request_headers')) { // we need this to get the actual Authorization: header // because apache tends to tell us it doesn't exist $headers = apache_request_headers(); // sanitize the output of apache_request_headers because // we always want the keys to be Cased-Like-This and arh() // returns the headers in the same case as they are in the // request $out = array(); foreach( $headers AS $key => $value ) { $key = str_replace( " ", "-", ucwords(strtolower(str_replace("-", " ", $key))) ); $out[$key] = $value; } } else { // otherwise we don't have apache and are just going to have to hope // that $_SERVER actually contains what we need $out = array(); if( isset($_SERVER['CONTENT_TYPE']) ) $out['Content-Type'] = $_SERVER['CONTENT_TYPE']; if( isset($_ENV['CONTENT_TYPE']) ) $out['Content-Type'] = $_ENV['CONTENT_TYPE']; foreach ($_SERVER as $key => $value) { if (substr($key, 0, 5) == "HTTP_") { // this is chaos, basically it is just there to capitalize the first // letter of every word that is not an initial HTTP and strip HTTP // code from przemek $key = str_replace( " ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))) ); $out[$key] = $value; } } } return $out; } // This function takes a input like a=b&a=c&d=e and returns the parsed // parameters like this // array('a' => array('b','c'), 'd' => 'e') public static function parse_parameters( $input ) { if (!isset($input) || !$input) return array(); $pairs = explode('&', $input); $parsed_parameters = array(); foreach ($pairs as $pair) { $split = explode('=', $pair, 2); $parameter = OAuthUtil::urldecode_rfc3986($split[0]); $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : ''; if (isset($parsed_parameters[$parameter])) { // We have already recieved parameter(s) with this name, so add to the list // of parameters with this name if (is_scalar($parsed_parameters[$parameter])) { // This is the first duplicate, so transform scalar (string) into an array // so we can add the duplicates $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]); } $parsed_parameters[$parameter][] = $value; } else { $parsed_parameters[$parameter] = $value; } } return $parsed_parameters; } public static function build_http_query($params) { if (!$params) return ''; // Urlencode both keys and values $keys = OAuthUtil::urlencode_rfc3986(array_keys($params)); $values = OAuthUtil::urlencode_rfc3986(array_values($params)); $params = array_combine($keys, $values); // Parameters are sorted by name, using lexicographical byte value ordering. // Ref: Spec: 9.1.1 (1) uksort($params, 'strcmp'); $pairs = array(); foreach ($params as $parameter => $value) { if (is_array($value)) { // If two or more parameters share the same name, they are sorted by their value // Ref: Spec: 9.1.1 (1) natsort($value); foreach ($value as $duplicate_value) { $pairs[] = $parameter . '=' . $duplicate_value; } } else { $pairs[] = $parameter . '=' . $value; } } // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61) // Each name-value pair is separated by an '&' character (ASCII code 38) return implode('&', $pairs); } } } // class_exists check ?>
Fatal error: Class 'OAuthSignatureMethod_HMAC_SHA1' not found in /home/ericbogs/bo.gs/blog/wp-content/plugins/twitter-tools/twitteroauth.php on line 61