Added LoginKey support to emails.

2025-03-09 15:40:18 +00:00 · 2020-09-22 17:06:08 -07:00 · 2020-09-22 17:06:08 -07:00 · 98544382db
commit 98544382db
parent c65098c6fa
112 changed files with 265 additions and 218 deletions
--- a/views/message.handlebars
+++ b/views/message.handlebars
@ -47,6 +47,7 @@
        var domainurl = decodeURIComponent('{{{domainurl}}}');
        var arg1 = decodeURIComponent('{{{arg1}}}');
        var arg2 = decodeURIComponent('{{{arg2}}}');
+        var urlargs = parseUriArgs();

        var title = '';
        if (titleid == 1) { title = "Account Verification"; }
@ -70,10 +71,25 @@
            case 9: { msg = "ERROR: Invalid account check."; break; }
            case 10: { msg = "ERROR: Invalid account check, verification url is only valid for 30 minutes."; break; }
        }
-        QH('mainMessage', msg + ' <a href="' + domainurl + '">' + "Go to login page" + '</a>.');
+        QH('mainMessage', msg + ' <a href="' + domainurl + (urlargs.key ? ('?key=' + urlargs.key) : '') + '">' + "Go to login page" + '</a>.');

        function format(format) { var args = Array.prototype.slice.call(arguments, 1); return format.replace(/{(\d+)}/g, function (match, number) { return typeof args[number] != 'undefined' ? args[number] : match; }); };

+        // Parse URL arguments, only keep safe values
+        function parseUriArgs() {
+            var href = window.document.location.href;
+            if (href.endsWith('#')) { href = href.substring(0, href.length - 1); }
+            var name, r = {}, parsedUri = href.split(/[\?&|]/);
+            parsedUri.splice(0, 1);
+            for (var j in parsedUri) {
+                var arg = parsedUri[j], i = arg.indexOf('=');
+                name = arg.substring(0, i);
+                r[name] = arg.substring(i + 1);
+                if (!isSafeString(r[name])) { delete r[name]; } else { var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } }
+            }
+            return r;
+        }
+
    </script>
 </body>
 </html>