From 541fe1d45d1a0651bb2d9d369a5efccefe447c47 Mon Sep 17 00:00:00 2001
From: Aaron Parecki <aaron@parecki.com>
Date: Mon, 8 Aug 2016 10:58:29 -0700
Subject: [PATCH] Create index.php
---
 index.php | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 index.php
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..9b5b0b3
--- /dev/null
+++ b/index.php
@@ -0,0 +1,103 @@
+<?php
+// Fill these out with the values you got from Github
+$githubClientID = '';
+$githubClientSecret = '';
+
+// This is the URL we'll send the user to first to get their authorization
+$authorizeURL = 'https://github.com/login/oauth/authorize';
+
+// This is the endpoint our server will request an access token from
+$tokenURL = 'https://github.com/login/oauth/access_token';
+
+// This is the Github base URL we can use to make authenticated API requests
+$apiURLBase = 'https://api.github.com/';
+
+// The full path to this script. Note that for production sites, you should use an https URL.
+$baseURL = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
+
+// Start a session so we have a place to store things between redirects
+session_start();
+
+// Start the login process by sending the user to Github's authorization page
+if(get('action') == 'login') {
+ // Generate a random hash and store in the session for security
+ $_SESSION['state'] = hash('sha256', microtime(1).rand().$_SERVER['REMOTE_ADDR']);
+ unset($_SESSION['access_token']);
+
+ $params = array(
+ 'client_id' => $githubClientID,
+ 'redirect_uri' => $baseURL,
+ 'scope' => 'user',
+ 'state' => $_SESSION['state']
+ );
+
+ // Redirect the user to Github's authorization page
+ header('Location: ' . $authorizeURL . '?' . http_build_query($params));
+ die();
+}
+
+// When Github redirects the user back here, there will be a "code" and "state"
+// parameter in the query string
+if(get('code')) {
+ // Verify the state matches our stored state
+ if(!get('state') || $_SESSION['state'] != get('state')) {
+ header('Location: ' . $baseURL . 
'?error=invalid_state');
+ die();
+ }
+
+ // Exchange the auth code for a token
+ $token = apiRequest($tokenURL, array(
+ 'client_id' => $githubClientID,
+ 'client_secret' => $githubClientSecret,
+ 'redirect_uri' => $baseURL,
+ 'state' => $_SESSION['state'],
+ 'code' => get('code')
+ ));
+ $_SESSION['access_token'] = $token->access_token;
+
+ header('Location: ' . $baseURL);
+ die();
+}
+
+// If there is an access token in the session the user is logged in
+if(session('access_token')) {
+ // Make an API request to Github to fetch basic profile information
+ $user = apiRequest($apiURLBase . 'user');
+
+ echo '<h3>Logged In</h3>';
+ echo '<h4>' . $user->name . '</h4>';
+ echo '<pre>';
+ print_r($user);
+ echo '</pre>';
+
+} else {
+ echo '<h3>Not logged in</h3>';
+ echo '<p><a href="?action=login">Log In</a></p>';
+}
+
+
+function apiRequest($url, $post=FALSE, $headers=array()) {
+ $ch = curl_init($url);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
+
+ if($post)
+ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
+
+ $headers[] = 'Accept: application/json';
+
+ if(session('access_token'))
+ $headers[] = 'Authorization: Bearer ' . session('access_token');
+
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+
+ $response = curl_exec($ch);
+ return json_decode($response);
+}
+
+function get($key, $default=NULL) {
+ return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
+}
+
+function session($key, $default=NULL) {
+ return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
+}
-- GitLab
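Review bot: The callback branch's state check, `$_SESSION['state'] != get('state')`, is a loose comparison on a nonce that was seeded from `microtime(1).rand().$_SERVER['REMOTE_ADDR']`, so the CSRF protection is neither unpredictable nor compared safely; generate it with `$_SESSION['state'] = bin2hex(random_bytes(16));` (PHP 7+, `openssl_random_pseudo_bytes()` on older releases), verify it with `if(!get('state') || !hash_equals($_SESSION['state'], (string) get('state')))`, and `unset($_SESSION['state']);` once the code has been exchanged so the nonce is single-use. The token exchange assigns `$token->access_token` without checking that `curl_exec()` returned a body or that the decoded object carries an `access_token` at all (the token endpoint can answer with an `error` member instead), so a failed exchange raises a notice, stores null, and drops the user on the "Not logged in" page with no indication why; guard with `if(!$token || !isset($token->access_token))` and redirect with an error parameter the way the state branch does. In the logged-in branch `$user->name` and the `print_r($user)` dump are echoed into HTML unescaped although they are third-party-controlled profile data; wrap both in `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same loose comparison appears in `if(get('action') == 'login')`, which should be `===`, and reading `$_SESSION['state']` directly instead of through the `session()` helper defined below also produces an undefined-index notice on a callback that arrives without a prior login step.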