Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Minimal micropub endpoint.
<?php
# Licensed under a CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
# http://creativecommons.org/publicdomain/zero/1.0/
$mysite = 'https://adactio.com/'; // Change this to your website.
$token_endpoint = 'https://tokens.indieauth.com/token';
$_HEADERS = array();
foreach(getallheaders() as $name => $value) {
$_HEADERS[$name] = $value;
}
if (!isset($_HEADERS['Authorization'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
echo 'Missing "Authorization" header.';
exit;
}
if (!isset($_POST['h'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "h" value.';
exit;
}
$options = array(
CURLOPT_URL => $token_endpoint,
CURLOPT_HTTPGET => TRUE,
CURLOPT_USERAGENT => $mysite,
CURLOPT_TIMEOUT => 5,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HEADER => FALSE,
CURLOPT_HTTPHEADER => array(
'Content-type: application/x-www-form-urlencoded',
'Authorization: '.$_HEADERS['Authorization']
)
);
$curl = curl_init();
curl_setopt_array($curl, $options);
$source = curl_exec($curl);
curl_close($curl);
parse_str($source, $values);
if (!isset($values['me'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "me" value in authentication token.';
exit;
}
if (!isset($values['scope'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "scope" value in authentication token.';
exit;
}
if (substr($values['me'], -1) != '/') {
$values['me'].= '/';
}
if (substr($mysite, -1) != '/') {
$mysite.= '/';
}
if (strtolower($values['me']) != strtolower($mysite)) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo 'Mismatching "me" value in authentication token.';
exit;
}
if (!stristr($values['scope'], 'post')) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo 'Missing "post" value in "scope".';
exit;
}
if (!isset($_POST['content'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
echo 'Missing "content" value.';
exit;
}
/* Everything's cool. Do something with the $_POST variables
(such as $_POST['content'], $_POST['category'], $_POST['location'], etc.)
e.g. create a new entry, store it in a database, whatever. */
header($_SERVER['SERVER_PROTOCOL'] . ' 201 Created');
header('Location: '.$mysite);
?>

fkooman commented May 9, 2015

void header ( string $string [, bool $replace = true [, int $http_response_code ]] )

header('Location: ' . $mysite, true, 201);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment