AAIT#39909 'anonieme' autorisatie vanuit een link in de bon of e-mail

svn path=/Website/trunk/; revision=33762
2017-05-10 08:18:56 +00:00
parent 444d96bcf3
commit 4bbce877d8
30 changed files with 172 additions and 74 deletions
--- a/APPL/API/shorturl.asp
+++ b/APPL/API/shorturl.asp
@@ -47,17 +47,33 @@ __Log("== Entering shorturl.asp ==");
    }

    var keyparam = getQParamInt("k", -1);
-    var locked_user_key = getQParamInt("locked_user_key", -1);
-/*  // TODO: beschermen met hmac
+    var locked_user_key = getQParamInt("luk", -1);
+    // TODO: beschermen met hmac
    // Daarom nog niet geactiveerd
    if (locked_user_key > 0)
    {
-        Session("locked_user_key") = locked_user_key;
-        var user_allowed = Session("locked_user_allowed");
-        Session("locked_user_allowed") = {};
-        Session("locked_user_allowed")[u] = keyparam; //  TODO: Array voor als je meerdere tabjes open hebt
+        var user_allowed = Session("locked_user_allowed") || []; // Array voor als je meerdere tabjes open hebt
+        var found = false;
+        for (var i = 0; i < user_allowed.length; i++)
+        {
+            if (user_allowed[i].locked_user_key == locked_user_key &&
+                user_allowed[i].xmlnode == u &&
+                user_allowed[i].key == keyparam)
+            {
+                found = true;
+                break;
+            }
+        }
+        if (!found)
+        {
+            user_allowed.push({ locked_user_key: locked_user_key,
+                                xmlnode: u,
+                                key: keyparam
+                              })
+            Session("locked_user_allowed") = user_allowed;
+        }
    }
-*/
+
    // For flexiblity reasons: Literal or runtime parameter(s), just pass through...
    var rest = String(Request.ServerVariables("QUERY_STRING")); // Request.ServerVariables("QUERY_STRING") is url-encoded,
                                                                // dat is hier safer dan Request.QueryString