1 <?php

     2 

     3 /**

     4  * include some common code (like we did in the 90s)

     5  * People still do this? ;)

     6  */

     7 include_once './common.php';

     8 

     9 /**

    10  * Someone's knocking at the door using the Callback URL - if they have

    11  * some GET data, it might mean that someone's just approved OAuth access

    12  * to their account, so we better exchange our current Request Token

    13  * for a newly authorised Access Token. There is an outstanding Request Token

    14  * to exchange, right?

    15  */

    16 if (!empty($_GET) && isset($_SESSION['TWITTER_REQUEST_TOKEN'])) {

    17     $token = $consumer->getAccessToken($_GET, unserialize($_SESSION['TWITTER_REQUEST_TOKEN']));

    18     $_SESSION['TWITTER_ACCESS_TOKEN'] = serialize($token);

    19 

    20     /**

    21      * Now that we have an Access Token, we can discard the Request Token

    22      */

    23     $_SESSION['TWITTER_REQUEST_TOKEN'] = null;

    24 

    25     /**

    26      * With Access Token in hand, let's try accessing the client again

    27      */

    28     header('Location: ' . URL_ROOT );

    29 } else {

    30     /**

    31      * Mistaken request? Some malfeasant trying something?

    32      */

    33     exit('Invalid callback request. Oops. Sorry.');

    34 }