diff --git a/forgot_password.php b/forgot_password.php new file mode 100644 index 00000000..3f642eef --- /dev/null +++ b/forgot_password.php @@ -0,0 +1,74 @@ +prepare("SELECT * FROM users WHERE email = :email"); + $stmt->bindParam(':email', $email); + $stmt->execute(); + $user = $stmt->fetch(PDO::FETCH_ASSOC); + + if ($user) { + // Generate a unique token + $token = bin2hex(random_bytes(50)); + + // Store the token in the password_resets table + $stmt = $db->prepare("DELETE FROM password_resets WHERE email = :email"); + $stmt->bindParam(':email', $email); + $stmt->execute(); + + $stmt = $db->prepare("INSERT INTO password_resets (email, token) VALUES (:email, :token)"); + $stmt->bindParam(':email', $email); + $stmt->bindParam(':token', $token); + $stmt->execute(); + + // Send the password reset email + $reset_link = "http://" . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . $token; + $subject = "Password Reset Request"; + $body = "Click on this link to reset your password: ''' . $reset_link . '''"; + + MailService::sendMail($email, $subject, $body, strip_tags($body)); + + $message = "If an account with that email exists, a password reset link has been sent."; + } else { + $message = "If an account with that email exists, a password reset link has been sent."; + } +} + +include 'header.php'; +?> + +
+
+
+
+
+

Forgot Password

+
+
+ +
+ +

Please enter your email address. You will receive a link to create a new password via email.

+
+
+ + +
+ +
+
+
+
+
+
+ + diff --git a/login.php b/login.php index 45b37352..a664378d 100644 --- a/login.php +++ b/login.php @@ -16,6 +16,7 @@

Don't have an account? Sign up

+

Forgot your password?

diff --git a/migrations/20251015_create_password_resets_table.sql b/migrations/20251015_create_password_resets_table.sql new file mode 100644 index 00000000..4014cbca --- /dev/null +++ b/migrations/20251015_create_password_resets_table.sql @@ -0,0 +1,6 @@ +CREATE TABLE IF NOT EXISTS "password_resets" ( + "email" varchar(255) NOT NULL, + "token" varchar(255) NOT NULL, + "created_at" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + PRIMARY KEY ("email") +); \ No newline at end of file diff --git a/profile.php b/profile.php index c080d2aa..702f5989 100644 --- a/profile.php +++ b/profile.php @@ -18,14 +18,39 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_profile'])) { $address = trim($_POST['address']); if (empty($name) || empty($email)) { - $error = "Name and email are required."; + $profile_error = "Name and email are required."; } else { $p_update = $db->prepare("UPDATE users SET name = ?, email = ?, address = ? WHERE id = ?"); $p_update->execute([$name, $email, $address, $user_id]); - $success = "Profile updated successfully!"; + $profile_success = "Profile updated successfully!"; } } +// Handle password change +if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) { + $current_password = $_POST['current_password']; + $new_password = $_POST['new_password']; + $confirm_password = $_POST['confirm_password']; + + $p_user = $db->prepare("SELECT password FROM users WHERE id = ?"); + $p_user->execute([$user_id]); + $user_data = $p_user->fetch(); + + if (empty($current_password) || empty($new_password) || empty($confirm_password)) { + $password_error = "All password fields are required."; + } elseif (!password_verify($current_password, $user_data['password'])) { + $password_error = "Incorrect current password."; + } elseif ($new_password !== $confirm_password) { + $password_error = "New passwords do not match."; + } else { + $hashed_password = password_hash($new_password, PASSWORD_DEFAULT); + $p_pass_update = $db->prepare("UPDATE users SET password = ? WHERE id = ?"); + $p_pass_update->execute([$hashed_password, $user_id]); + $password_success = "Password changed successfully!"; + } +} + + // Fetch user data $p_user = $db->prepare("SELECT * FROM users WHERE id = ?"); $p_user->execute([$user_id]); @@ -35,35 +60,67 @@ $user = $p_user->fetch(); ?>
-

My Profile

-
+
+
+

My Profile

+
- -
- - -
- + +
+ + +
+ -
-
- - + +
+ + +
+
+ + +
+
+ + +
+ +
-
- - +
+

Change Password

+
+ + +
+ + +
+ + +
+
+ + +
+
+ + +
+
+ + +
+ +
-
- - -
- - +
+
View Order History
- + \ No newline at end of file diff --git a/reset_password.php b/reset_password.php new file mode 100644 index 00000000..1b8dd26d --- /dev/null +++ b/reset_password.php @@ -0,0 +1,89 @@ +prepare("SELECT * FROM password_resets WHERE token = :token AND created_at > NOW() - INTERVAL 1 HOUR"); + $stmt->bindParam(':token', $token); + $stmt->execute(); + $reset_request = $stmt->fetch(PDO::FETCH_ASSOC); + + if (!$reset_request) { + $error = "Invalid or expired password reset token."; + } else { + $show_form = true; + $email = $reset_request['email']; + + if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['password']) && isset($_POST['password_confirm'])) { + $password = $_POST['password']; + $password_confirm = $_POST['password_confirm']; + + if ($password !== $password_confirm) { + $error = "Passwords do not match."; + } else { + // Update user's password + $hashed_password = password_hash($password, PASSWORD_DEFAULT); + $stmt = $db->prepare("UPDATE users SET password = :password WHERE email = :email"); + $stmt->bindParam(':password', $hashed_password); + $stmt->bindParam(':email', $email); + $stmt->execute(); + + // Delete the reset token + $stmt = $db->prepare("DELETE FROM password_resets WHERE email = :email"); + $stmt->bindParam(':email', $email); + $stmt->execute(); + + $message = "Your password has been reset successfully. You can now log in with your new password."; + $show_form = false; + } + } + } +} + +include 'header.php'; +?> + +
+
+
+
+
+

Reset Password

+
+
+ +
+ Go to Login + +
+ + + +
+
+ + +
+
+ + +
+ +
+ +
+
+
+
+
+ +