Invalid signature uploading photo to flickr

I am using the following code:

<?php
 $token = $_REQUEST['token'];
 $file = $_REQUEST['file'];
 $sig = "xxxxxxxxxxxxxxxxxapi_keyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxauth_token" . $token;
 $sign = md5($sig);
 $url = "http://api.flickr.com/services/upload/";
 $ch = curl_init();
 /**
 * Set the URL of the page or file to download.
 */

 $body = "api_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&api_sig=" . $sign .         "&auth_token=" . $token . "&photo=" . $file;

 curl_setopt($ch, CURLOPT_URL, $url);

 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

 /**
 * Ask cURL to return the contents in a variable
 * instead of simply echoing them开发者_运维知识库 to the browser.
 */
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 /**
 * Execute the cURL session
 */
 $contents = curl_exec ($ch);
 /**
 * Close cURL session
 */
 curl_close ($ch);

 echo $contents;
?>

to create my signature for the flickr upload post call. However, it keeps telling me its invalid....what am I doing wrong?

maybe you could have a quick look at my code?

You need to include all of the post parameters, except the photo parameter, in the string (in alphabetical order) that you take the hash of.

See http://www.flickr.com/services/api/auth.spec.html#signing

I just had the same problem, tried all combinations of orders and parameters but in the end it turned out that I was missing enctype="multipart/form-data" inside html FORM tag which needs to be like this:

<FORM action="http://api.flickr.com/services/upload/" enctype="multipart/form-data" method="post">
        <P>     
        <LABEL for="api_key">api_key: </LABEL>
                  <INPUT type="text" id="Text1" name="api_key"><BR>
        <LABEL for="auth_token">auth_token: </LABEL>
                  <INPUT type="text" id="Text2" name="auth_token"><BR>
        <LABEL for="api_sig">api_sig: </LABEL>
                  <INPUT type="text" id="Text3" name="api_sig"><BR>
        <LABEL for="photo">photo: </LABEL>
                  <INPUT type="file" id="Password1" name="photo"><BR>
        <INPUT type="submit" value="Send"> <INPUT type="reset">
        </P>
     </FORM>

public function sync_upload($photo, $title = null, $description = null, $tags = null, $is_public = null, $is_friend = null, $is_family = null)
    {
        $args = array("api_key" => $this->api_key, "title" => $title, "description" => $description, "tags" => $tags, "is_public" => $is_public, "is_friend" => $is_friend, "is_family" => $is_family);

        if (!empty($this->token)) {
            $args = array_merge($args, array("auth_token" => $this->token));
        }
        ksort($args);
        $auth_sig = "";
        foreach ($args as $key => $data) {
            if ( is_null($data) ) {
                unset($args[$key]);
            } else {
                $auth_sig .= $key . $data;
            }
        }
        if (!empty($this->secret)) {
            $api_sig = md5($this->secret . $auth_sig);
            $args["api_sig"] = $api_sig;
        }
        $photo = realpath($photo);
        $args['photo'] = new CurlFile($photo, 'image/png');
        $curl = curl_init($this->upload_endpoint);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,false);
        curl_setopt($curl,CURLOPT_SSLVERSION,4);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $args);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($curl);
        curl_close($curl);

        $rsp = explode("\n", $response);
        foreach ($rsp as $line) {
            if (preg_match('|<err code="([0-9]+)" msg="(.*)"|', $line, $match)) {
               return false;
            } elseif (preg_match("|<photoid>(.*)</photoid>|", $line, $match)) {
                return $match[1];
            }
        }

    }

Hope this help.