+ if (isset($_GET['action']) && $_GET['action'] == 'login') {
+ //log the user in
+ $auth = $_POST['auth'];
+ $redirect_uri = verifyUrlParameter($auth, 'redirect_uri');
+ $client_id = verifyUrlParameter($auth, 'client_id');
+ $state = getOptionalParameter($auth, 'state', null);
+ $response_type = getOptionalParameter($auth, 'response_type', 'id');
+ $scope = getOptionalParameter($auth, 'scope', null);
+
+ $id = $_POST['id'];
+ verifyParameter($id, 'mode');
+
+ $userId = getOrCreateUser(
+ $id['mode'], trim($id['name']), trim($id['email'])
+ );
+ $me = Urls::full(Urls::user($userId));
+
+ $code = base64_encode(
+ http_build_query(
+ [
+ 'emoji' => '\360\237\222\251',
+ 'me' => $me,
+ 'scope' => $scope,
+ 'signature' => 'FIXME',
+ ]
+ )
+ );
+
+ //redirect back to client
+ $url = new \Net_URL2($redirect_uri);
+ if ($response_type == 'code') {
+ $url->setQueryVariable('code', $code);
+ }
+ $url->setQueryVariable('me', $me);
+ $url->setQueryVariable('state', $state);
+ header('Location: ' . $url->getURL());
+ exit();
+ } else {
+ //auth code verification
+ $code = base64_decode(verifyParameter($_POST, 'code'));
+ $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
+ $client_id = verifyUrlParameter($_POST, 'client_id');
+ $state = getOptionalParameter($_POST, 'state', null);
+
+ parse_str($code, $codeParts);
+ $emoji = verifyParameter($codeParts, 'emoji');
+ $signature = verifyParameter($codeParts, 'signature');
+ $me = verifyUrlParameter($codeParts, 'me');
+ if ($emoji != '\360\237\222\251') {
+ error('Dog poo missing');
+ }
+ if ($signature != 'FIXME') {
+ error('Invalid signature');
+ }
+ header('HTTP/1.0 200 OK');
+ header('Content-type: application/x-www-form-urlencoded');
+ echo http_build_query(['me' => $me]);
+ exit();
+ }
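Review bot: The authorization code is not authenticated. The login branch stores the constant `'signature' => 'FIXME'` and the verification branch compares against that same constant, so it will confirm any `me` value carried in a well-formed code, not only ones this endpoint issued. The verification branch also reads `redirect_uri` and `client_id` but never compares them with anything, and the code has no expiry, so a code is neither bound to the client it was issued to nor limited in time. I would replace the constant with an HMAC over the payload, keyed by a server-side secret and checked with `hash_equals()`, and put `client_id`, `redirect_uri` and an expiry inside the signed payload, as sketched below. `$signingKey` is a placeholder for a secret that is not in this hunk, the sketch assumes `error()` ends the request, and the rest of the file lies outside the hunk.

```php
// login branch: replaces the $code = base64_encode(http_build_query([...])) statement
$payload = http_build_query(
    [
        // … unchanged: 'emoji', 'me', 'scope' entries …
        'client_id'    => $client_id,
        'redirect_uri' => $redirect_uri,
        'expires'      => time() + 60, // constructed lifetime; choose per policy
    ]
);
// $signingKey: placeholder for a server-side secret loaded from configuration
$code = base64_encode(
    $payload . '&signature=' . hash_hmac('sha256', $payload, $signingKey)
);
// … unchanged: redirect back to client …

// verification branch: replaces parse_str($code, $codeParts) and the 'FIXME' comparison
$sep = strrpos($code, '&signature=');
$payload = $sep === false ? '' : substr($code, 0, $sep);
$signature = $sep === false ? '' : substr($code, $sep + strlen('&signature='));
if (!hash_equals(hash_hmac('sha256', $payload, $signingKey), $signature)) {
    error('Invalid signature');
}
parse_str($payload, $codeParts);
// … unchanged: emoji and me checks …
if (($codeParts['client_id'] ?? null) !== $client_id
    || ($codeParts['redirect_uri'] ?? null) !== $redirect_uri
    || (int) ($codeParts['expires'] ?? 0) < time()
) {
    error('Authorization code does not match this request');
}
```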