Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Minimal micropub endpoint.
<?php
# Licensed under a CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
# http://creativecommons.org/publicdomain/zero/1.0/
$mysite = 'https://adactio.com/'; // Change this to your website.
$token_endpoint = 'https://tokens.indieauth.com/token';
$_HEADERS = array();
foreach(getallheaders() as $name => $value) {
$_HEADERS[$name] = $value;
}
if (!isset($_HEADERS['Authorization'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
echo 'Missing "Authorization" header.';
exit;
}
if (!isset($_POST['h'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "h" value.';
exit;
}
$options = array(
CURLOPT_URL => $token_endpoint,
CURLOPT_HTTPGET => TRUE,
CURLOPT_USERAGENT => $mysite,
CURLOPT_TIMEOUT => 5,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HEADER => FALSE,
CURLOPT_HTTPHEADER => array(
'Content-type: application/x-www-form-urlencoded',
'Authorization: '.$_HEADERS['Authorization']
)
);
$curl = curl_init();
curl_setopt_array($curl, $options);
$source = curl_exec($curl);
curl_close($curl);
parse_str($source, $values);
if (!isset($values['me'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "me" value in authentication token.';
exit;
}
if (!isset($values['scope'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "scope" value in authentication token.';
exit;
}
if (substr($values['me'], -1) != '/') {
$values['me'].= '/';
}
if (substr($mysite, -1) != '/') {
$mysite.= '/';
}
if (strtolower($values['me']) != strtolower($mysite)) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo 'Mismatching "me" value in authentication token.';
exit;
}
if (!stristr($values['scope'], 'post')) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo 'Missing "post" value in "scope".';
exit;
}
if (!isset($_POST['content'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "content" value.';
exit;
}
/* Everything's cool. Do something with the $_POST variables
(such as $_POST['content'], $_POST['category'], $_POST['location'], etc.)
e.g. create a new entry, store it in a database, whatever. */
header($_SERVER['SERVER_PROTOCOL'] . ' 201 Created');
header('Location: '.$mysite);
?>
@fkooman

This comment has been minimized.

Show comment Hide comment
@fkooman

fkooman May 9, 2015

void header ( string $string [, bool $replace = true [, int $http_response_code ]] )

header('Location: ' . $mysite, true, 201);

fkooman commented May 9, 2015

void header ( string $string [, bool $replace = true [, int $http_response_code ]] )

header('Location: ' . $mysite, true, 201);

@aaronpk

This comment has been minimized.

Show comment Hide comment
@aaronpk

aaronpk Jan 28, 2018

fyi most Micropub clients have started using the create scope instead of post, so you'll likely want to change that on line 66

aaronpk commented Jan 28, 2018

fyi most Micropub clients have started using the create scope instead of post, so you'll likely want to change that on line 66

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment