diff --git a/db/config.php b/db/config.php
index bf88243..0f9a7ad 100644
--- a/db/config.php
+++ b/db/config.php
@@ -46,6 +46,13 @@ function db() {
 submission_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
 );");
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS password_resets (
+ id INT AUTO_INCREMENT PRIMARY KEY,
+ email VARCHAR(255) NOT NULL,
+ token VARCHAR(255) NOT NULL UNIQUE,
+ expires_at TIMESTAMP NOT NULL
+ );");
 } catch (PDOException $e) {
 error_log('Database setup failed: ' . $e->getMessage());
 // You could display a generic error page here instead of dying
diff --git a/forgot_password.php b/forgot_password.php
new file mode 100644
index 0000000..d828efc
--- /dev/null
+++ b/forgot_password.php
@@ -0,0 +1,67 @@
+ + + +
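Review bot: The new `password_resets` table stores the reset token in clear, and the `update_password.php` hunk in this same commit looks it up with `WHERE token = ?`, so any read of this table (a backup, a log dump, a query bug elsewhere) yields working reset links for every pending request. Store only a digest instead — keep the column but write `hash('sha256', $token)` into it and look up by the same digest — so a leaked row cannot be turned into a reset link. The table is also keyed by `email` with no `user_id` foreign key, unlike the table directly above it which uses `FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE`; rows will outlive their user and a later address change breaks the join, so consider `user_id INT NOT NULL` with the same cascade. `expires_at TIMESTAMP NOT NULL` is fine as a column, but its consumer must compare it as a datetime (see the `update_password.php` hunk).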
+ + +Enter your email address and we will send you a link to reset your password.
+ +Please return to the forgot password page to request a new link.
+ +Hello,
"; + $body .= "You requested a password reset. Click the link below to reset your password:
"; + $body .= ""; + $body .= "This link will expire in 30 minutes.
"; + $body .= "If you did not request a password reset, please ignore this email.
";
+
+ // Use MailService to send the email
+ $mail_result = MailService::sendMail($email, $subject, $body, strip_tags($body));
+
+ if (!empty($mail_result['success'])) {
+ $message = 'A password reset link has been sent to your email address.';
+ $message_type = 'success';
+ } else {
+ $message = 'Could not send the password reset email. Please try again later.';
+ error_log("MailService Error: " . ($mail_result['error'] ?? 'Unknown error'));
+ }
+ } else {
+ $message = 'No user found with that email address.';
+ }
+ } catch (PDOException $e) {
+ $message = "Database error: " . $e->getMessage();
+ error_log($message);
+ } catch (Exception $e) {
+ $message = "An error occurred: " . $e->getMessage();
+ error_log($message);
+ }
+ }
+ $_SESSION['message'] = $message;
+ $_SESSION['message_type'] = $message_type;
+ header("Location: forgot_password.php");
+ exit;
+}
diff --git a/update_password.php b/update_password.php
new file mode 100644
index 0000000..ad30ae5
--- /dev/null
+++ b/update_password.php
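Review bot: The `'No user found with that email address.'` branch tells an anonymous caller whether an address has an account, which makes the form an account-enumeration oracle; respond with one neutral message whether or not the lookup matched, e.g. `$message = 'If an account exists for that address, a password reset link has been sent.';` in both branches, and only send mail when it did. The `catch (PDOException $e)` and `catch (Exception $e)` branches put `$e->getMessage()` into `$_SESSION['message']`, which the page presumably renders, so driver and query details reach the browser — keep `error_log($e->getMessage())` but assign a fixed user-facing string; the same pattern appears in the `update_password.php` hunk at `$error = "Database error: " . $e->getMessage();`. Most of this hunk (the top of the script, the token generation and the mail body) was lost in extraction, so the token creation itself is not reviewed here.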
@@ -0,0 +1,52 @@
+prepare("SELECT * FROM password_resets WHERE token = ?");
+ $stmt->execute([$token]);
+ $reset_request = $stmt->fetch();
+
+ if ($reset_request && $reset_request['expires'] >= date("U")) {
+ $email = $reset_request['email'];
+ $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+ $stmt = $pdo->prepare("UPDATE users SET password = ? WHERE email = ?");
+ $stmt->execute([$hashed_password, $email]);
+
+ // Delete the used token
+ $stmt = $pdo->prepare("DELETE FROM password_resets WHERE email = ?");
+ $stmt->execute([$email]);
+
+ $_SESSION['message'] = 'Your password has been successfully reset. Please log in with your new password.';
+ $_SESSION['message_type'] = 'success';
+ header("Location: login.php");
+ exit;
+ } else {
+ $error = "Invalid or expired password reset token.";
+ }
+ } catch (PDOException $e) {
+ $error = "Database error: " . $e->getMessage();
+ error_log($error);
+ }
+ }
+
+ // If there was an error, redirect back to the reset form with the token
+ $_SESSION['error'] = $error;
+ header("Location: reset_password_form.php?token=" . urlencode($token));
+ exit;
+}
\ No newline at end of file
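Review bot: The expiry check `$reset_request['expires'] >= date("U")` cannot work against the schema added in `db/config.php`: the column is named `expires_at`, so `$reset_request['expires']` is an undefined index (null) and the condition is always false, and even with the right name a `TIMESTAMP` value fetched as `'YYYY-MM-DD HH:MM:SS'` compared as a string against a Unix-epoch string does not express "not yet expired". Do the comparison in the database instead, `SELECT * FROM password_resets WHERE token = ? AND expires_at > NOW()`, or compare `new DateTimeImmutable($reset_request['expires_at'])` with the current time in the same timezone. After `UPDATE users SET password = ?` succeeds, nothing here invalidates other sessions already open for that account; whether the application has a mechanism for that is not visible in this hunk. The top of the script, where `$token`, `$password` and `$pdo` are set up, was lost in extraction and is not reviewed here.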