The Picasa Web Albums API, like all GData APIs, is based on the Atom Publishing Protocol (APP), an XML-based format for managing web-based resources. Traffic between a client and the servers occurs over HTTP and allows for both authenticated and unauthenticated connections.
Before any transactions can occur, this connection needs to be made. Creating a connection to the Picasa servers involves two steps: creating an HTTP client and binding a Zend_Gdata_Photos service instance to that client.
The Google Picasa API allows access to both public and private photo feeds. Public feeds do not require authentication, but are read-only and offer reduced functionality. Private feeds offer the most complete functionality but require an authenticated connection to the Picasa servers. There are three authentication schemes that are supported by Google Picasa:
ClientAuth provides direct username/password authentication to the Picasa servers. Since this scheme requires that users provide your application with their password, this authentication is only recommended when other authentication schemes are insufficient.
AuthSub allows authentication to the Picasa servers via a Google proxy server. This provides the same level of convenience as ClientAuth but without the security risk, making this an ideal choice for web-based applications.
The Zend_Gdata library provides support for both authentication schemes.
The rest of this chapter will assume that you are familiar with the
authentication schemes available and how to create an
appropriate authenticated connection. For more information,
please see the Authentication section of this manual or the
Authentication Overview in the Google Data API Developer's Guide.
In order to interact with the servers, this library provides the
Zend_Gdata_Photos service class. This class provides a common
interface to the Google Data and Atom Publishing Protocol models and assists in
marshaling requests to and from the servers.
Once you have decided on an authentication scheme, the next step is to create an instance of
Zend_Gdata_Photos. The class constructor takes an instance of
Zend_Http_Client as a single argument. This provides an
interface for AuthSub and ClientAuth authentication, as both of these require
creation of a special authenticated HTTP client. If no arguments
are provided, an unauthenticated instance of Zend_Http_Client
will be automatically created.
The example below shows how to create a service class using ClientAuth authentication:
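<?php
// Load the classes used below (assumes Zend Framework is on the include_path)
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_Photos');
Zend_Loader::loadClass('Zend_Gdata_ClientLogin');

// Parameters for ClientAuth authentication
$service = Zend_Gdata_Photos::AUTH_SERVICE_NAME;
$user = "sample.user@gmail.com";
// Single quotes: in a double-quoted string PHP would treat $w0rd as a variable
$pass = 'pa$$w0rd';

// Create an authenticated HTTP client
$client = Zend_Gdata_ClientLogin::getHttpClient($user, $pass, $service);

// Create an instance of the service
$service = new Zend_Gdata_Photos($client);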
A service instance using AuthSub can be created in a similar, though slightly more lengthy fashion:
<?php
// Load the classes used below (assumes Zend Framework is on the include_path)
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_Photos');
Zend_Loader::loadClass('Zend_Gdata_AuthSub');

session_start();

/**
 * Returns the full URL of the current page, based upon env variables
 *
 * Env variables used:
 * $_SERVER['HTTPS'] = (on|off|)
 * $_SERVER['HTTP_HOST'] = value of the Host: header
 * $_SERVER['SERVER_PORT'] = port number (only used if not http/80,https/443)
 * $_SERVER['REQUEST_URI'] = the URI after the method of the HTTP request
 *
 * @return string Current URL
 */
function getCurrentUrl()
{
    /**
     * Filter php_self to avoid a security vulnerability.
     */
    $php_request_uri = htmlentities(substr($_SERVER['REQUEST_URI'], 0,
        strcspn($_SERVER['REQUEST_URI'], "\n\r")), ENT_QUOTES);

    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
        $protocol = 'https://';
    } else {
        $protocol = 'http://';
    }
    $host = $_SERVER['HTTP_HOST'];
    if ($_SERVER['SERVER_PORT'] != '' &&
        (($protocol == 'http://' && $_SERVER['SERVER_PORT'] != '80') ||
        ($protocol == 'https://' && $_SERVER['SERVER_PORT'] != '443'))) {
        $port = ':' . $_SERVER['SERVER_PORT'];
    } else {
        $port = '';
    }
    return $protocol . $host . $port . $php_request_uri;
}

/**
 * Returns the AuthSub URL which the user must visit to authenticate requests
 * from this application.
 *
 * Uses getCurrentUrl() to get the next URL which the user will be redirected
 * to after successfully authenticating with the Google service.
 *
 * @return string AuthSub URL
 */
function getAuthSubUrl()
{
    $next = getCurrentUrl();
    $scope = 'http://picasaweb.google.com/data';
    $secure = false;
    $session = true;
    return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure,
        $session);
}

/**
 * Returns an HTTP client object with the appropriate headers for communicating
 * with Google using AuthSub authentication.
 *
 * Uses the $_SESSION['sessionToken'] to store the AuthSub session token after
 * it is obtained. The single use token supplied in the URL when redirected
 * after the user successfully authenticated to Google is retrieved from the
 * $_GET['token'] variable. If neither token is available, the user is
 * redirected to the AuthSub URL.
 *
 * @return Zend_Http_Client
 */
function getAuthSubHttpClient()
{
    if (!isset($_SESSION['sessionToken'])) {
        if (!isset($_GET['token'])) {
            // No token yet: send the user to Google to authorize this application
            header('Location: ' . getAuthSubUrl());
            exit();
        }
        // Exchange the single use token for a session token
        $_SESSION['sessionToken'] =
            Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);
    }
    $client = Zend_Gdata_AuthSub::getHttpClient($_SESSION['sessionToken']);
    return $client;
}

/**
 * Create a new instance of the service, redirecting the user
 * to the AuthSub server if necessary.
 */
$service = new Zend_Gdata_Photos(getAuthSubHttpClient());
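The getCurrentUrl() helper above builds the AuthSub next URL from $_SERVER['HTTP_HOST'], a value supplied by the client, and that URL is where the single use token is delivered. The following is an added example, not part of the Zend Framework manual, that accepts the host only when it is on an allowlist; buildNextUrl(), $allowedHosts, the sample host names and the HTTPS-only deployment are assumptions made for illustration.

```php
<?php
// Added example: not from the Zend Framework manual.
// buildNextUrl() and $allowedHosts are hypothetical names; the site is
// assumed to be served over HTTPS only.

/**
 * Build the AuthSub "next" URL without trusting the Host header.
 *
 * @param array $server       $_SERVER-style array
 * @param array $allowedHosts Host names this application is served under
 * @return string Absolute URL of the current script
 * @throws RuntimeException If the Host header is not on the allowlist
 */
function buildNextUrl(array $server, array $allowedHosts)
{
    $host = isset($server['HTTP_HOST']) ? strtolower($server['HTTP_HOST']) : '';
    if (!in_array($host, $allowedHosts, true)) {
        throw new RuntimeException('Host header not on allowlist');
    }
    $uri = isset($server['REQUEST_URI']) ? $server['REQUEST_URI'] : '/';
    // Keep only the path, so an already-used ?token=... value is not
    // copied into the next URL.
    $path = parse_url($uri, PHP_URL_PATH);
    if (!is_string($path) || $path === '' || $path[0] !== '/') {
        $path = '/';
    }
    return 'https://' . $host . $path;
}

// Constructed sample requests, not real traffic.
$allowedHosts = array('photos.example.com');
$requests = array(
    array('HTTP_HOST' => 'photos.example.com',
          'REQUEST_URI' => '/albums.php?token=CONSTRUCTED'),
    array('HTTP_HOST' => 'photos.example.com.invalid',
          'REQUEST_URI' => '/albums.php'),
);
foreach ($requests as $request) {
    try {
        // With Zend Framework loaded, pass this value as $next to
        // Zend_Gdata_AuthSub::getAuthSubTokenUri() in getAuthSubUrl().
        echo 'next = ' . buildNextUrl($request, $allowedHosts) . "\n";
    } catch (RuntimeException $e) {
        echo 'rejected Host: ' . $request['HTTP_HOST'] . "\n";
    }
}
```

Because the query string is dropped, any state the page needs after the redirect has to be kept in the session rather than in the URL.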
Finally, an unauthenticated service can be created for use with public feeds:
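<?php
// Load the service class (assumes Zend Framework is on the include_path)
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_Photos');

// Create an instance of the service using an unauthenticated HTTP client
$service = new Zend_Gdata_Photos();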




