exit();
}
- // Display an authorization form.
- if (empty($_POST)) {
+ // Display an authorization form (unless the scope is email, which we always grant in this system).
+ if (empty($_POST) && (@$request->query['scope'] != 'email')) {
$para = $body->appendElement('p', sprintf(_('Hi %s!'), $user['email']));
$para->setAttribute('class', 'userwelcome');
}
else {
// Handle authorize request, forwarding code in GET parameters if the user has authorized your client.
- $is_authorized = ($_POST['authorized'] === 'yes');
+ $is_authorized = (($_POST['authorized'] === 'yes') || ($request->query['scope'] == 'email'));
$server->handleAuthorizeRequest($request, $response, $is_authorized);
/* For testing only
if ($is_authorized) {
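Review bot: In `$is_authorized = (($_POST['authorized'] === 'yes') || ($request->query['scope'] == 'email'));` the grant now depends on the request-supplied `scope` alone, so a POST that does not carry `authorized=yes` is still approved when the scope is `email`, and a plain GET reaches `handleAuthorizeRequest()` as approved with no user interaction. On that GET path `$_POST['authorized']` is read while unset (a notice, or a warning on PHP 8), and the `@` with loose `!=`/`==` hides a missing or non-string `scope`. I would compute the decision once with a strict check, `$auto_grant = (isset($request->query['scope']) && $request->query['scope'] === 'email');`, test `empty($_POST) && !$auto_grant` for the form, and set `$is_authorized = $auto_grant || (isset($_POST['authorized']) && $_POST['authorized'] === 'yes');`. Whether silent approval should also be limited to known first-party client ids cannot be judged from the visible lines. The enclosing block starts and ends outside them.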
// If the session has a redirect set, make sure it's performed.
if (strlen(@$session['saved_redirect'])) {
header('Location: '.$utils->getDomainBaseURL().$session['saved_redirect']);
+ // Remove redirect.
+ $result = $db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;');
+ if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {
+ $utils->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)');
+ }
}
// If the session has a user set, create a new one - otherwise take existing session entry.
if (intval($session['user'])) {
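Review bot: If the UPDATE that clears `saved_redirect` fails, the value stays on the `auth_sessions` row and is only logged, so the same redirect would presumably be applied again on a later pass through this branch, which is what the change sets out to prevent. The return value of `$db->prepare()` is used unchecked; if the connection is not in exception mode (not visible here), a failed prepare returns false and `->execute()` becomes a fatal error. The log tag `'redir_save_failure'` reads as if a save had failed, and a separate tag such as `'redir_clear_failure'` would keep the two cases apart in the log. The enclosing block starts and ends outside the hunk.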