. * */ // Do not load FS ... $RUNTIME_NOSETUPFS = true; require_once('../../lib/base.php'); OC_Util::checkAppEnabled('remoteStorage'); require_once('Sabre/autoload.php'); require_once('lib_remoteStorage.php'); require_once('oauth_ro_auth.php'); ini_set('default_charset', 'UTF-8'); #ini_set('error_reporting', ''); @ob_clean(); //allow use as remote storage for other websites if(isset($_SERVER['HTTP_ORIGIN'])) { header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); header('Access-Control-Max-Age: 3600'); header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND'); header('Access-Control-Allow-Headers: Authorization, Content-Type'); } else { header('Access-Control-Allow-Origin: *'); } $path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); $pathParts = explode('/', $path); // for webdav: // 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 // /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key // for oauth: // 0/ 1 / 2 / 3 / 4 // /$ownCloudUser/remoteStorage/oauth/auth if(count($pathParts) == 2 && $pathParts[0] == '') { //TODO: input checking. these explodes may fail to produces the desired arrays: $subPathParts = explode('?', $pathParts[1]); $ownCloudUser = $subPathParts[0]; foreach($_GET as $k => $v) { if($k=='user_address'){ $userAddress=$v; } else if($k=='redirect_uri'){ $appUrl=$v; } else if($k=='scope'){ $category=$v; } } $currUser = OC_User::getUser(); if($currUser == $ownCloudUser) { if(isset($_POST['allow'])) { //TODO: check if this can be faked by editing the cookie in firebug! $token=OC_remoteStorage::createCategory($appUrl, $category); header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer'); } else { echo '
'; } } else { if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) { $url = "https://"; } else { $url = "http://"; } $url .= $_SERVER['SERVER_NAME']; $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php')); die('You are '.($currUser?'logged in as '.$currUser.' instead of '.$ownCloudUser:'not logged in').'. Please ' .'' .', close the pop-up, and ' .''); } } else { die('please use auth.php/username?params. '.var_export($pathParts, true)); }