} else {
    if ($k == 'scope') {
        // Entity-encode the requested scope; this encoded copy is what the token helpers below receive.
        // Only this copy is encoded: the consent-page branch further down re-reads $_GET['scope'] raw.
        $categories = htmlentities($v);
    }
}
}
}
// The leading '}' and the two bare closing braces above belong to blocks that open before this excerpt.

// Authorization decision for the currently logged-in user: issue a new bearer token when the consent
// form was posted, hand back an existing token if there is one, otherwise render the consent page.
// $userId and $appUrl are set before this excerpt (presumably from the request; confirm).
$currUser = OCP\USER::getUser();
if ($userId && $appUrl && $categories) {
    // Loose comparison between the session user and the requested user id.
    if ($currUser == $userId) {
        if (isset($_POST['allow'])) {
            //TODO: check if this can be faked by editing the cookie in firebug!
            // NOTE(review): the only visible gate on minting a token is the presence of a POST field
            // named 'allow'. No anti-CSRF token is verified in this excerpt, so confirm a request-token
            // check runs earlier; without one a cross-site form post could grant access on the user's behalf.
            $token = OC_remoteStorage::createCategories($appUrl, $categories);
            // NOTE(review): redirect_uri is used raw from the query string and the bearer token is appended
            // to it. Nothing visible here checks it against an allow-list or against $appUrl, so the token
            // goes wherever the request says. Validate scheme and host before redirecting, and reject
            // CR/LF in the value (header() blocks multi-line headers only on newer PHP versions).
            // Execution also continues after header(); whether an exit follows is outside this excerpt.
            header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer');
        } else {
            // Assignment inside the condition is intentional: reuse a previously issued token if one exists.
            if ($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
                // NOTE(review): an existing token is returned with no user interaction, again to an
                // unvalidated redirect_uri. The same allow-list check is needed on this path.
                header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $existingToken . '&token_type=bearer');
            } else {
                //params ok, logged in ok, but need to click Allow still:
                // Index 2 of a '/'-split URL is the authority part for "scheme://host/..." input;
                // for any other shape it may be missing or not a host.
                $appUrlParts = explode('/', $_GET['redirect_uri']);
                $host = $appUrlParts[2];
                // Overwrites the encoded $categories with the raw scope list from the query string.
                // NOTE(review): $host and $categories reach the template unencoded; confirm that the
                // 'auth' template escapes both before output.
                $categories = explode(',', $_GET['scope']);
                OCP\Util::addStyle('', 'auth');
                OCP\Template::printGuestPage('remoteStorage', 'auth', array('host' => $host, 'categories' => $categories));
            }
        } //end 'need to click Allow still'
    } else {
        //login not ok
        if ($currUser) {
            // A different user is logged in than the one named in the request: stop with a message.
            // NOTE(review): $userId is entity-encoded but $currUser is concatenated as-is; encode both
            // unless user names are guaranteed to be markup-free (not visible here).
            die('You are logged in as ' . $currUser . ' instead of ' . htmlentities($userId));