if ($k == 'redirect_uri') { $appUrlParts = explode('/', $v); $appUrl = $appUrlParts[2]; //bit dodgy i guess } else { if ($k == 'scope') { $categories = $v; } } } } $currUser = OC_User::getUser(); if ($currUser == $ownCloudUser) { if (isset($_POST['allow'])) { //TODO: check if this can be faked by editing the cookie in firebug! $token = OC_remoteStorage::createCategories($appUrl, $categories); header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer'); } else { ?> <!DOCTYPE html> <html> <head> <title>ownCloud</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="../../../core/img/favicon.png" /><link rel="apple-touch-icon-precomposed" href="../../../core/img/favicon-touch.png" /> <link rel="stylesheet" href="../../../core/css/styles.css" type="text/css" media="screen" /> <link rel="stylesheet" href="../auth.css" type="text/css" media="screen" /> </head> <body id="body-login"> <div id="login"> <header>