0

I'm sending users an email. In this email they must click a link that brings them to the login page of my site:
www.testsite/login

I'd like the username(Email address) to be prepopulated for them.

I was thinking of simply adjusting the link sent to them to include it like so:
www.testsite/login?email=tester@test.com

I can then use some javascript to pull this info and place it in the form field.

I'd like people thought's on this approach.
Is it safe? Is there a better or easier way to achieve it? Is there any problems with this approach?

My app uses grails 1.3.7 by the way.

Thanks

tim_yates
  • 167,322
  • 27
  • 342
  • 338
Thomas Buckley
  • 5,836
  • 19
  • 62
  • 110
  • Cookie is a lot safer .. Otherwise a session.. Why do you want to show it in Query string – Sushanth -- Nov 08 '12 at 16:23
  • 2
    Instead of using javascript to prepopulate the input, why not do it server side? – Salketer Nov 08 '12 at 16:25
  • 1
    absolutely server side. If you can send them an email, then you can generate a unique ID of some sort. Put that ID in the query string and then look that id up and then put the email in the form from the server. – Hardrada Nov 08 '12 at 16:33
  • Ok.....I've left out some vital info. I'm not actually sending the email from my server. An admin user click's a link on my 'admin' app. This app then open's the user's default email client and prepopulates with 'to','subject' and 'body' which contains the link to click. The admin user then sends the email from their email client. The person in the 'To' fields receive the email and they click the link! It's this user's email that I want prepopulated in the consumer app. – Thomas Buckley Nov 08 '12 at 16:46
  • You can stil do it on the server side. When they click the link in the email, it should hit a controller which can grab the email, put in request scope, then render your form with the email populated. – Gregg Nov 08 '12 at 17:02

1 Answers1

0

Though it would probably be better to pre-populate it on the server side, here is a modification of another answer on Stack Overflow:

function getEmailFromUrl(){
   var regexS = "[\\?#&]email=([^&#]*)";
   var regex = new RegExp(regexS);
   var results = regex.exec(window.location.search);
   if(results == null) return "";
   else return decodeURIComponent(results[1].replace(/\+/g, " "));
}

Then, use that the result of that function to populate the textbox:

document.getElementById('email_address').value=getEmailFromUrl();

Hope this helps.

Community
  • 1
  • 1
Joshua Dwire
  • 5,415
  • 5
  • 29
  • 50
  • For those of you who are wondering where `decodeURIComponent` comes from, it is actually a native JavaScript function. See http://www.w3schools.com/jsref/jsref_decodeuricomponent.asp. – Joshua Dwire Nov 08 '12 at 16:35