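// CSRF attack? Or did you mix up your states?
        // NOTE(review): the check that leads here starts before this excerpt;
        // presumably it compares the returned state with $_SESSION['state'] --
        // confirm it is a strict comparison and that the stored state is
        // discarded after one use.
        exit;
    }
} else {
    if (empty($_SESSION['expires_at']) || time() > $_SESSION['expires_at']) {
        // Token has expired, clear the state
        $_SESSION = array();
    }
    if (empty($_SESSION['access_token'])) {
        // Start authorization process (redirects and exits)
        getAuthorizationCode();
    }
}

// Congratulations! You have a valid token. Now fetch your profile
$linkedin = new Linkedin();
$linkedinUser = $linkedin->fetch('GET', '/v1/people/~:(id,firstName,lastName,picture-url,public-profile-url,api-standard-profile-request:(url))');

// NOTE(review): this is the point where the visitor becomes authenticated.
// User::login() is not visible here -- confirm the session id is regenerated
// on login so a pre-login session id cannot be reused.
if (User::login($linkedinUser, $_SESSION['access_token'], $_SESSION['expires_at'])) {
    header('Location: ./landing.php');
    // Stop here so nothing else runs or is emitted after the redirect header.
    exit;
}

/**
 * Send the browser to LinkedIn's OAuth 2.0 authorization endpoint.
 *
 * Generates a fresh `state` value, stores it in $_SESSION['state'] so the
 * callback can be matched to this browser session, then redirects and ends
 * the script. This function does not return.
 */
function getAuthorizationCode()
{
    // The state parameter is the CSRF defence for the OAuth callback, so it
    // must be unpredictable. uniqid() is derived from the clock and is not
    // suitable; use the OS CSPRNG instead. The fallback keeps the code usable
    // on interpreters that predate random_bytes().
    if (function_exists('random_bytes')) {
        $stateBytes = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $stateBytes = openssl_random_pseudo_bytes(16, $strong);
        if ($stateBytes === false || !$strong) {
            // Fail closed rather than continue with a weak state value.
            exit('Unable to generate a secure OAuth state value.');
        }
    } else {
        exit('Unable to generate a secure OAuth state value.');
    }

    $params = array(
        'response_type' => 'code',
        'client_id'     => API_KEY,
        'scope'         => SCOPE,
        'state'         => bin2hex($stateBytes),
        'redirect_uri'  => REDIRECT_URI,
    );

    // Authentication request
    $url = 'https://www.linkedin.com/uas/oauth2/authorization?' . http_build_query($params);

    // Needed to identify request when it returns to us
    $_SESSION['state'] = $params['state'];

    // Redirect user to authenticate
    header("Location: {$url}");
    exit;
}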
/**
 * Refresh this record from the member's LinkedIn profile.
 *
 * Fetches the profile summary, stores it as the description and saves the
 * record, then fetches the skills list and passes its values to
 * insertSkills().
 *
 * The summary and skill values come from a remote profile and are stored
 * as received; treat them as untrusted text wherever they are rendered.
 */
public function extractFromLinkedin()
{
    $client = new Linkedin();

    // Description: copy the profile summary onto the record and persist it.
    $summaryResponse = $client->fetch('GET', '/v1/people/~:(summary)');
    $this->description = $summaryResponse->summary;
    $this->save();

    // Skills: hand the returned entries to insertSkills().
    $skillsResponse = $client->fetch('GET', '/v1/people/~/skills');
    $this->insertSkills($skillsResponse->values);
}