adding user confirmation for external domains

app-code/api/login/redirect.php

@@ -57,12 +57,26 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
 	mysqli_stmt_close($stmt);
 	if(!empty($send_to)){
 		$external_domain = is_external_domain($send_to);
-		if ($external_domain !== null && !isset($_SESSION["external_domain_confirmed"])){
-			$data=[
-				'message' => 'external_redirect_warning',
-				'domain' => $external_domain,
-				'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
-			];
+		if ($external_domain !== null){
+			$sql="SELECT id FROM confirmed_domains WHERE user_id = ? AND domain = ?";
+			$stmt = mysqli_prepare($conn, $sql);
+			mysqli_stmt_bind_param($stmt, 'is', $user_id, $external_domain);
+			mysqli_stmt_execute($stmt);
+			mysqli_stmt_store_result($stmt);
+			$domain_confirmed = mysqli_stmt_num_rows($stmt) > 0;
+			mysqli_stmt_close($stmt);
+			if (!$domain_confirmed){
+				$data=[
+					'message' => 'external_redirect_warning',
+					'domain' => $external_domain,
+					'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
+				];
+			}else{
+				$data=[
+					'message' => 'done',
+					'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
+				];
+			}
 		}else{
 			$data=[
 				'message' => 'done',