We're going to assume you're setting up a Twitterbot to use a Twitterbot app (as described at the Twitterbot page), and that you're going to use The Hard Way to enable authorization between your Twitterbot and your app. This will enable you to authorize an arbitrary number of users with a single app.

If you go with The Hard Way, the Twitter account you use to create the app should be your primary Twitter account, or an app that is exclusively for deploying the app. (Side note: while Twitter will normally delete inactive accounts, i.e., accounts that have no tweets, if an account owns an app and has never tweeted, Twitter will still consider this an active account, and will not delete it.)

Assuming you've created your app, you now need to modify it to enable it to authorize Twitter users other than the Twitter user who created the app. I'm following this article https://dev.twitter.com/docs/auth/pin-based-authorization for PIN-based authentication.

Process Breakdown

Normal Sign-In/Authorization

A normal sign-in or user authorization procedure follows these basic steps:

First, we send a POST request to Twitter servers containing a request for OAuth tokens.

Next, Twitter's servers respond to the GET request with a public and private OAuth token.

Now, the app redirects the user (this is the OAuth URL redirection field we left blank when we created our app) to a new URL. This URL contains a public OAuth token in the URL itself, and this public token allows third parties to authorize users via Twitter, without handling their usernames and passwords directly.

Implementation

Using either Python or PHP...

Probably PHP, because I haven't dealt with POST and GET in Python yet and this is a bit of a one-shot thing.