adding redirect warnings to external systems

app-code/api/login/redirect.php

@@ -56,10 +56,19 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	if(!empty($send_to)){
-		$data=[
-		        'message' => 'done',
-		        'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
-		];
+		$external_domain = is_external_domain($send_to);
+		if ($external_domain !== null && !isset($_SESSION["external_domain_confirmed"])){
+			$data=[
+				'message' => 'external_redirect_warning',
+				'domain' => $external_domain,
+				'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
+			];
+		}else{
+			$data=[
+				'message' => 'done',
+				'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
+			];
+		}
 	}else{
 		$data=[
 		        'message' => 'done',