Server side
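trait LoginzaTrait {
    /**
     * Decrypt and decode the payload posted by the Loginza widget.
     *
     * The widget delivers a base64 string containing the RSA-encrypted JSON payload
     * (email, timestamp, ...). Every step that can fail is checked so that a bad or
     * tampered payload yields null instead of a warning or an undefined variable.
     *
     * @param mixed $data raw POST value; anything other than a non-empty string is rejected
     * @return array|null decoded payload, or null when the input is not a string, is not
     *                    strict base64, cannot be decrypted with the site's private key,
     *                    or does not decode to a JSON object/array
     */
    public function login($data): ?array {
        // $_POST values can be arrays (loginza[]=...) or absent; only a string can be decoded.
        if (!is_string($data) || $data === '') {
            return null;
        }
        // strict mode: characters outside the base64 alphabet make the whole payload invalid
        $cipher = base64_decode($data, true);
        if ($cipher === false) {
            return null;
        }
        $privKey = '...'; // LoginzaPK (placeholder for the PEM private key; load it from configuration, not source)
        $key = openssl_get_privatekey($privKey);
        if ($key === false) {
            return null;
        }
        // NOTE(review): default padding is PKCS#1 v1.5 and must match what the service encrypts with;
        // confirm with the provider before changing it.
        $plain = '';
        if (!openssl_private_decrypt($cipher, $plain, $key)) {
            return null;
        }
        $decoded = json_decode($plain, true);
        // a JSON scalar would otherwise violate the ?array return type with a TypeError
        return is_array($decoded) ? $decoded : null;
    }
}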
/**
 * Controller side of the Loginza login flow. Decryption of the widget payload
 * lives in LoginzaTrait::login(); this class only decides whether the decrypted
 * payload is fresh enough to log a user in.
 */
class LoginController
{
use LoginzaTrait;
...
/**
 * Handle the POST /loginza request sent by the client-side message listener.
 *
 * Expects the encrypted widget payload in $_POST['loginza'] and returns
 * ['success' => bool]; success is only set once the payload decrypted, carried an
 * email and a timestamp, and the timestamp was not older than 3 seconds.
 */
public function actionLoginza() { // handles /loginza POST request
$result = [
'success' => false
];
// $_POST['loginza'] is passed to login() as received; it may be an array if the client sends loginza[]=...
if ($_POST && isset($_POST['loginza'])) {
// null when the payload could not be decrypted or decoded; the isset() checks below then fail closed
$loginza = $this->login($_POST['loginza']);
// Reject payloads whose timestamp is more than 3 seconds old (the round trip is usually under 1 second).
// NOTE(review): this is a lower bound only — a future-dated timestamp passes, and an intercepted payload
// can be replayed within the window; a nonce or device binding would close that gap.
// NOTE(review): assumes $loginza['timestamp'] is milliseconds since the epoch, like microtime(true) * 1000 — confirm.
$milliseconds = microtime(true) * 1000 - 3000;
// $loginza['device'] -- contains unique device identifier; binding the login to a known device would tighten this check (not done here)
if (isset($loginza['email']) && isset($loginza['timestamp']) && $loginza['timestamp'] > $milliseconds) {
$user = User::findByEmail($loginza['email']);
// NOTE(review): loose comparison; `!== null` states the intent without truthiness surprises
if ($user != null) {
// Check if user is blocked, etc.
} else {
$user = new User();
// create new user with $loginza['email'] & $loginza['name'];
}
MyFrameWork->login($user); // depends on your framework
$result['success'] = true;
}
}
return $result;
}
}
Client side
<!-- Loginza widget frame. {LoginzaAPIKey} is a placeholder for the site's API key; it is part
     of HTML sent to every visitor, so it must never be the private key the server decrypts with.
     The widget presumably reports back to this page via postMessage from https://loginza.app. -->
<iframe
src="https://loginza.app/v1/index/init/{LoginzaAPIKey}"
frameborder="0"
style="width: 272px; height: 316px; overflow: hidden;"
scrolling="no"
class="loginza">
</iframe>
<script>
// Listen for postMessage events from the widget frame (bubbling phase is the default).
window.addEventListener("message", receiveMessage);
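/**
 * Forward the widget's encrypted payload to the server and, on success, open the account area.
 *
 * Any window holding a reference to this page can call postMessage on it, so only messages
 * whose origin is the widget's own origin (the iframe src host) are accepted, and the payload
 * must be the base64 string the server expects. Everything else is ignored.
 *
 * @param {MessageEvent} event message event delivered by the browser
 */
function receiveMessage(event) {
    if (event.origin !== "https://loginza.app" || typeof event.data !== "string") {
        return;
    }
    $.post(
        '/loginza',
        {'loginza': event.data},
        function(data) {
            if (data.success) {
                // user logged in successfully, so 401 won't happen in account area, go there!
                window.location.href = "/account";
            }
        }
    );
}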
</script>