<?php
$MySecretKey = 'Nobody Will Ever Guess This!!';
// Generate signature from authentication info + secret key
$sig = hash(
'sha256',
$user->id . $user->email,
$MySecretKey
);
// Make sure we're redirecting somewhere safe
$source = parse_url($_GET['source']);
if(in_array($source->host, $list_of_safe_hosts))
$target = 'http://'.$source->host.$source->path;
// Send the authenticated user back to the originating site
header('Location: '.$target.'?'.
'user_id='.$user->id.
'&user_email='.urlencode($user->email).
'&sig='.$sig);
?>