35296-vm/forgot_password.php

<?php
declare(strict_types=1);
@ini_set('display_errors', '1');
@error_reporting(E_ALL);
@date_default_timezone_set('UTC');

require_once __DIR__ . '/db/config.php';
require_once __DIR__ . '/mail/MailService.php';

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'] ?? '';

    if (empty($email)) {
        $message = 'Please enter your email address.';
    } else {
        try {
            $pdo = db();
            $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
            $stmt->execute([$email]);
            $user = $stmt->fetch();

            if ($user) {
                // Generate a unique token
                $token = bin2hex(random_bytes(32));

                // Set expiration date to 1 hour from now
                $expires_at = date('Y-m-d H:i:s', strtotime('+1 hour'));

                // Store the token in the database
                $stmt = $pdo->prepare("INSERT INTO password_resets (email, token, expires_at) VALUES (?, ?, ?)");
                $stmt->execute([$email, $token, $expires_at]);

                // Send the password reset link
                $reset_link = 'http://' . $_SERVER['HTTP_HOST'] . '/reset_password.php?token=' . $token;
                
                // For now, we just display the link. Later we will send it by email.
                $message = 'Password reset link: <a href="' . $reset_link . '">' . $reset_link . '</a>';

            } else {
                $message = 'If your email address exists in our database, you will receive a password reset link.';
            }
        } catch (PDOException $e) {
            $message = 'Database error: ' . $e->getMessage();
        }
    }
}

require_once __DIR__ . '/includes/header.php';
?>

<div class="container">
    <div class="row">
        <div class="col-md-6 offset-md-3">
            <h2>Forgot Password</h2>
            <p>Please enter your email address to receive a password reset link.</p>
            
            <?php if ($message): ?>
                <div class="alert alert-info" role="alert">
                    <?php echo $message; ?>
                </div>
            <?php endif; ?>

            <form method="POST">
                <div class="mb-3">
                    <label for="email" class="form-label">Email address</label>
                    <input type="email" class="form-control" id="email" name="email" required>
                </div>
                <button type="submit" class="btn btn-primary">Send Reset Link</button>
            </form>
        </div>
    </div>
</div>

<?php require_once __DIR__ . '/includes/footer.php'; ?>