if ($currUser == $userId) {
if (isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token = OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer');
} else {
if ($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $existingToken . '&token_type=bearer');
} else {
//params ok, logged in ok, but need to click Allow still:
$appUrlParts = explode('/', $_GET['redirect_uri']);
$host = $appUrlParts[2];
$categories = explode(',', $_GET['scope']);
OCP\Util::addStyle('', 'auth');
OCP\Template::printGuestPage('remoteStorage', 'auth', array('host' => $host, 'categories' => $categories));
}
}
//end 'need to click Allow still'
} else {
//login not ok
if ($currUser) {
die('You are logged in as ' . $currUser . ' instead of ' . htmlentities($userId));
} else {
// this will display the login page for us
OCP\Util::checkLoggedIn();
}
}
} else {
//params not ok
die('please use e.g. ' . OCP\Util::linkTo('remoteStorage', 'auth.php') . '?userid=admin&redirect_uri=http://host/path&scope=...');
}
