My Sacrilegious Twitter App: Jesus the Zombie

I like to play around with PHP and APIs and create silly, stupid things every now and then.  After recently watching a number of zombie-themed shows, namely The Walking Dead and Dead Set, I thought it would be funny to have an app that would “eat” the brains of people’s Twitter avatars. And for whatever reason, I thought having a Zombie Jesus doing the eating would be even funnier.

I worked out the steps that needed to happen: 1) get a submitted user’s avatar from Twitter, 2) process the image so it looks like Jesus is eating the “brains”, 3) display/save the image, 4) send out a Tweet with a link to the picture.

Getting the avatar from Twitter is a fairly simple function:

function getAvatar($screen_name){
     $url = "".$screen_name;
     $ch = curl_init();
     $return = curl_exec($ch);
     $return = json_decode($return);
     return $return->profile_image_url;

Since you don’t need authentication, you just “curl” to get the user’s info, parse the json, and return the avatar’s url.  Processing the image isn’t so easy. I’ve used the GD2 library in the past… for another simple app that put a custom message on Charlie from “Lost”‘s hand, in the episode where he wrote “Not Pennys Boat” on his hand, which I can’t seem to find now.  GD2 is powerful, but not user-friendly at all. So I searched for a better solution, and found the amazing WideImage library. It does everything I needed, and I was able to map out the process I needed in a few minutes.

I grabbed the image from Twitter, resize it to 60px by 60px, then rotate it -45 degrees. Then I have a Jesus png that I use as a mask, with the section where the avatar goes being cut out… and some blood coming down for effect. To do the masking effectively, I had to then resize the avatar’s canvas to the size of the main Jesus pic, and position the avatar on the canvas to the area where the open area of the Jesus pic is. Then you merge the two pictures to make the final image.

After that, I just used “writeText” to put the caption on. I had do a second “writeText” in black for the bottom part, to give it a shadow, since just the white was being washed out. Once all that is done, I save the file. For the filename, I was originally using the timecode… but if by chance multiple people hit the site simultaneously, it might be hosed. So instead, I took the two submitted usernames and the timecode… and ran md5 on it. I’m assuming that will give totally unique names.

I didn’t want to be serving up the images solely on my machine, so I decided to use the TwitPic API to save the images. This also allowed me to skip using the Twitter API and do the actual post from TwitPic as well. Since this is a simple, fun project, I decided to use the legacy v1 of the API, because I didn’t want to mess with oAuth.  Here’s that function:

function sendPic($file,$to,$from) {
     $key = ""; // TwitPic API key
     $consumer_token = ""; // Twitter application consumer key
     $consumer_secret = ""; // Twitter application consumer secret
     $oauth_token = ""; // the user's OAuth token
     $oauth_secret = ""; // the user's OAuth secret
     $ar = array (
         "consumer_token" => $consumer_token,
         "consumer_secret" => $consumer_secret,
         "oauth_token" => $oauth_token,
         "oauth_secret" => $oauth_secret,
         "key" => $key,
         "message" => "I just ate @" . $to . "'s brains at the request of @". $from ,
         "media" => "@$file"
     $url = "";
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_POST, 1);
     curl_setopt($ch, CURLOPT_POSTFIELDS, $ar);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
     return true;

And that’s basically it. The only other bit of code-fu I used was to check the Twitter names people might put in… since sometimes people will use the “@” in front of the name, and other times they won’t. So I just ran a “strpos” checking for “@”, and if it’s at the 0 position, I “substr” to position 1.

As far as security, there really isn’t any.  Since there’s no mySQL, I wasn’t too worried about it… as there’s not much to exploit with the simple code I used. I did set a session with the timecode, and if you try to submit the form more than once a minute, it sends an error… though that would be trivial to overcome.

Other than toying with it some more, I’m pretty much finished. Being wide open as it is, it’s very very VERY susceptible to spam… so I may implement a bit of oAuth eventually. Other than that, it’s really only amusing for a few times… after that, it’s just a bit annoying. So we’ll see if anyone else finds it humorous.