.
*
*/
// Do not load FS ...
$RUNTIME_NOSETUPFS = true;
require_once('../../lib/base.php');
OC_Util::checkAppEnabled('remoteStorage');
require_once('Sabre/autoload.php');
require_once('lib_remoteStorage.php');
require_once('oauth_ro_auth.php');
ini_set('default_charset', 'UTF-8');
#ini_set('error_reporting', '');
@ob_clean();
//allow use as remote storage for other websites
if(isset($_SERVER['HTTP_ORIGIN'])) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Max-Age: 3600');
header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
header('Access-Control-Allow-Headers: Authorization, Content-Type');
} else {
header('Access-Control-Allow-Origin: *');
}
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
$pathParts = explode('/', $path);
// for webdav:
// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7
// /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
// for oauth:
// 0/ 1 / 2 / 3 / 4
// /$ownCloudUser/remoteStorage/oauth/auth
if(count($pathParts) == 2 && $pathParts[0] == '') {
//TODO: input checking. these explodes may fail to produces the desired arrays:
$subPathParts = explode('?', $pathParts[1]);
$ownCloudUser = $subPathParts[0];
foreach($_GET as $k => $v) {
if($k=='user_address'){
$userAddress=$v;
} else if($k=='redirect_uri'){
$appUrl=$v;
} else if($k=='scope'){
$categories=$v;
}
}
$currUser = OC_User::getUser();
if($currUser == $ownCloudUser) {
if(isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token=OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
} else {
echo '';
}
} else {
if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
$url = "https://";
} else {
$url = "http://";
}
$url .= $_SERVER['SERVER_NAME'];
$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
die('You are '.($currUser?'logged in as '.$currUser.' instead of '.$ownCloudUser:'not logged in').'. Please '
.''
.', close the pop-up, and '
.'');
}
} else {
//die('please use auth.php/username?params. '.var_export($pathParts, true));
die('please use auth.php/username?params.');
}