<!-- Login link, presumably placed on a participating site: it points at the central login page and passes the place to return to in `source` as host/path with no scheme. Anyone can craft this value, so the login page has to treat it as untrusted and check the host against an allow-list before redirecting. -->
1<a href='http://login.example.com/login.php?source=my.other.site.com/foo/bar'>log in!!</a>
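<?php
// Cross-site login hand-off: once the user is authenticated here, send them
// back to the site named in ?source= together with their id, e-mail and a
// signature the receiving site can check with the same secret key.
// $user and $list_of_safe_hosts are expected to be set before this point.

// Placeholder secret from the example.
// NOTE(review): a deployment needs a long random value loaded from
// configuration, not a guessable phrase committed with the source.
$MySecretKey = 'Nobody Will Ever Guess This!!';

// Generate signature from authentication info + secret key.
// hash() takes (algorithm, data, binary-output flag), so a key passed as the
// third argument is never mixed into the digest and anyone who knows the id
// and e-mail could recompute the value. hash_hmac() is the keyed construction.
// NOTE(review): the signed message has no separator between id and e-mail and
// carries no timestamp or nonce, so a captured redirect URL stays valid; the
// receiving site must compute the same HMAC and compare it with hash_equals().
$sig = hash_hmac(
    'sha256',
    $user->id . $user->email,
    $MySecretKey
);

// Make sure we're redirecting somewhere safe.
$requested = (isset($_GET['source']) && is_string($_GET['source'])) ? $_GET['source'] : '';

// The login link passes "host/path" without a scheme, and parse_url() only
// reports a host for strings shaped like a full URL, so prefix one before
// parsing. parse_url() returns an array (or false), never an object.
$source = parse_url('http://' . $requested);
$host = (is_array($source) && isset($source['host'])) ? $source['host'] : '';
$path = (is_array($source) && isset($source['path'])) ? $source['path'] : '/';

// Fail closed: without this, an unlisted host left $target undefined and the
// signed identity was still emitted in a Location header.
if ($host === '' || !in_array($host, $list_of_safe_hosts, true)) {
    http_response_code(400);
    exit('Unknown return site.');
}

// Rebuild the target from the allow-listed host and the path only, so the
// value that was checked is the value that is used; user-info, port, query
// and fragment from the request are dropped.
// NOTE(review): plain http exposes the id, e-mail and signature in transit;
// use https once the participating sites support it.
$target = 'http://' . $host . $path;

// Send the authenticated user back to the originating site.
header('Location: ' . $target . '?' .
    'user_id=' . urlencode($user->id) .
    '&user_email=' . urlencode($user->email) .
    '&sig=' . $sig);
exit; // nothing after the redirect should run or be sent
?>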