Cross domain token access
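<?php
declare(strict_types=1);

/*
 * Cross-domain profile access endpoint.
 *
 * A POST request that carries a `token` parameter and a Referer header is
 * answered with the profile fields the referring domain has been granted
 * (per domains.json below). Every other request, and every failed lookup or
 * token mismatch, falls through to an empty 403 response.
 */

$domainsPath = '/path/to/domains.json';
/* example domains.json = {
"jonneal.com": {
"access": ["birthday", "displayName", "email", "familyName", "givenName", "likes"],
"log": [
[1404720571, "access"]
],
"token": "$2y$10$Ei27Hp4EowSy2rFpJo9zZOZQg72XT1sNwdrgZ81LTz2wI6AemJOlW"
},
"tantek.com": {
"access": ["displayName", "email", "likes"],
"log": [
[1404720766, "access"],
[1404721200, "access"]
],
"token": "$2y$10$wFESe9ht1CvwjjAL7cq7g.BdmbaDSSMZFpsFODWuziJVs2vW3YcRO"
}
} */
$profilePath = '/path/to/profile.json';
/* example profile.json = {
"birthday": "1982-09-20",
"displayName": "Jon",
"email": "jonathantneal@hotmail.com",
"familyName": "Neal",
"givenName": "Jonathan",
"likes": ["jonneal.com"]
} */

// Only a POST carrying a *string* token and a Referer can be authorised.
// The is_string() check matters: a `token[]=...` form field arrives as an
// array, and hash_equals() below would throw a TypeError on it.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['token']) && is_string($_POST['token'])
    && isset($_SERVER['HTTP_REFERER'])
) {
    // The Referer host selects which domain entry (and therefore which token)
    // applies. The header is client-supplied, so it is only a lookup key; the
    // token comparison below is what actually authorises the request.
    $host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);

    // Load the domain registry; a missing/unreadable file means "no domains".
    $domainsJson = file_get_contents($domainsPath);
    $domains = $domainsJson === false ? null : json_decode($domainsJson);

    if (is_string($host) && $host !== '' && is_object($domains) && isset($domains->$host)) {
        $domain = $domains->$host;

        // hash_equals() compares in constant time, so response timing does not
        // reveal how many leading bytes of the submitted token were correct.
        // NOTE(review): the example tokens look like bcrypt hashes, yet they are
        // compared literally against the POST value. If clients are meant to
        // send a plaintext secret, this should be password_verify() — confirm.
        if (isset($domain->token) && is_string($domain->token)
            && hash_equals($domain->token, $_POST['token'])
        ) {
            // Record the access before answering. This is an unlocked
            // read-modify-write of domains.json; concurrent requests can
            // overwrite each other's log entries. LOCK_EX only serialises the
            // write itself.
            if (!isset($domain->log) || !is_array($domain->log)) {
                $domain->log = [];
            }
            $domain->log[] = [time(), 'access'];
            file_put_contents($domainsPath, json_encode($domains), LOCK_EX);

            // Load the profile and keep only the fields this domain was granted,
            // so nothing outside the `access` list ever leaves the server.
            $profileJson = file_get_contents($profilePath);
            $profile = $profileJson === false ? null : json_decode($profileJson, true);
            $access = isset($domain->access) && is_array($domain->access) ? $domain->access : [];
            $profileFiltered = is_array($profile)
                ? array_intersect_key($profile, array_flip($access))
                : [];

            // Reset any headers set so far and answer with JSON only.
            header_remove();
            header('Content-Type: application/json;charset=utf-8');
            print json_encode($profileFiltered);
            exit();
        }
    }
}

// Forbid request: not a POST, no token/Referer, unknown host, or token mismatch.
http_response_code(403);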