Create index.php

541fe1d4 · Aaron Parecki · GitHub · 854d1157 · 541fe1d4
--- a/index.php
+++ b/index.php
+<?php
+// Fill these out with the values you got from Github
+$githubClientID = '';
+$githubClientSecret = '';
+
+// This is the URL we'll send the user to first to get their authorization
+$authorizeURL = 'https://github.com/login/oauth/authorize';
+
+// This is the endpoint our server will request an access token from
+$tokenURL = 'https://github.com/login/oauth/access_token';
+
+// This is the Github base URL we can use to make authenticated API requests
+$apiURLBase = 'https://api.github.com/';
+
+// The full path to this script. Note that for production sites, you should use an https URL.
+$baseURL = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
+
+// Start a session so we have a place to store things between redirects
+session_start();
+
+// Start the login process by sending the user to Github's authorization page
+if(get('action') == 'login') {
+  // Generate a random hash and store in the session for security
+  $_SESSION['state'] = hash('sha256', microtime(1).rand().$_SERVER['REMOTE_ADDR']);
+  unset($_SESSION['access_token']);
+
+  $params = array(
+    'client_id' => $githubClientID,
+    'redirect_uri' => $baseURL,
+    'scope' => 'user',
+    'state' => $_SESSION['state']
+  );
+
+  // Redirect the user to Github's authorization page
+  header('Location: ' . $authorizeURL . '?' . http_build_query($params));
+  die();
+}
+
+// When Github redirects the user back here, there will be a "code" and "state" 
+// parameter in the query string
+if(get('code')) {
+  // Verify the state matches our stored state
+  if(!get('state') || $_SESSION['state'] != get('state')) {
+    header('Location: ' . $baseURL . '?error=invalid_state');
+    die();
+  }
+
+  // Exchange the auth code for a token
+  $token = apiRequest($tokenURL, array(
+    'client_id' => $githubClientID,
+    'client_secret' => $githubClientSecret,
+    'redirect_uri' => $baseURL,
+    'state' => $_SESSION['state'],
+    'code' => get('code')
+  ));
+  $_SESSION['access_token'] = $token->access_token;
+
+  header('Location: ' . $baseURL);
+  die();
+}
+
+// If there is an access token in the session the user is logged in
+if(session('access_token')) {
+  // Make an API request to Github to fetch basic profile information
+  $user = apiRequest($apiURLBase . 'user');
+
+  echo '<h3>Logged In</h3>';
+  echo '<h4>' . $user->name . '</h4>';
+  echo '<pre>';
+  print_r($user);
+  echo '</pre>';
+
+} else {
+  echo '<h3>Not logged in</h3>';
+  echo '<p><a href="?action=login">Log In</a></p>';
+}
+
+
+function apiRequest($url, $post=FALSE, $headers=array()) {
+  $ch = curl_init($url);
+  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
+
+  if($post)
+    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
+
+  $headers[] = 'Accept: application/json';
+
+  if(session('access_token'))
+    $headers[] = 'Authorization: Bearer ' . session('access_token');
+
+  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+
+  $response = curl_exec($ch);
+  return json_decode($response);
+}
+
+function get($key, $default=NULL) {
+  return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
+}
+
+function session($key, $default=NULL) {
+  return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
+}