return $code;
}
-function validate_token($code, $redirect_uri, $client_id, $state)
+function validate_token($code, $redirect_uri, $client_id)
{
$db = loadDb();
$stmt = $db->prepare(
. ' code = :code'
. ' AND redirect_uri = :redirect_uri'
. ' AND client_id = :client_id'
- . ' AND state = :state'
. ' AND created >= :created'
);
$stmt->execute(
':code' => $code,
':redirect_uri' => $redirect_uri,
':client_id' => $client_id,
- ':state' => (string) $state,
':created' => date('c', time() - 60)
)
);
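Review bot: With `state` removed from the WHERE clause, a code is accepted on `code`, `redirect_uri` and `client_id` alone for the 60 seconds allowed by `:created`, and nothing in the visible lines marks the row as used once it has matched. The rest of validate_token lies outside these hunks; if it does not already do so, the matched row should be deleted or flagged in the same call so that a code can be redeemed only once. A comment such as `// authorization codes are single-use: invalidate the row before returning` would record the intent. Neither `redirect_uri` nor `client_id` is secret in this flow, so the code itself is the only unguessable value in the lookup.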
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
$client_id = verifyUrlParameter($_POST, 'client_id');
- $state = null;
- if (isset($_POST['state'])) {
- $state = $_POST['state'];
- }
if (!isset($_POST['code'])) {
error('"code" parameter missing');
}
$token = $_POST['code'];
- $me = validate_token($token, $redirect_uri, $client_id, $state);
+ $me = validate_token($token, $redirect_uri, $client_id);
if ($me === false) {
error('Validating token failed');
}
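Review bot: `isset($_POST['code'])` also passes when the request carries `code[]=…`, so `$token` can be an array by the time validate_token binds it to `:code`. Tightening the guard to `if (!isset($_POST['code']) || !is_string($_POST['code'])) {` makes a malformed request end in the existing '"code" parameter missing' error instead of reaching the query. The method test on the first line of the branch would be stricter as `=== 'POST'`. The if/else chain this branch belongs to starts outside the hunk.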