+ $ctx = stream_context_create(
+ array(
+ 'http' => array(
+ 'header' => array(
+ 'Authorization: Bearer ' . $token
+ ),
+ 'ignore_errors' => true,
+ ),
+ )
+ );
+ //FIXME: make hard-coded token server URL configurable
+ $res = @file_get_contents(Urls::full('/token.php'), false, $ctx);
+ list($dummy, $code, $msg) = explode(' ', $http_response_header[0]);
+ if ($code != 200) {
+ mpError(
+ 'HTTP/1.0 403 Forbidden',
+ 'forbidden',
+ 'Error verifying bearer token: ' . trim($res)
+ );
+ }
+
+ parse_str($res, $data);
+ //FIXME: they spit out non-micropub json error responess
+ verifyUrlParameter($data, 'me');
+ verifyUrlParameter($data, 'client_id');
+ verifyParameter($data, 'scope');
+
+ return [$data['me'], $data['client_id'], $data['scope']];
+}
+
+function handleCreate($json, $token)
+{
+ list($me, $client_id, $scope) = validateToken($token);
+ $userId = Urls::userId($me);
+ if ($userId === null) {
+ mpError(
+ 'HTTP/1.0 403 Forbidden',
+ 'forbidden',
+ 'Invalid user URL'