From 9bc03d51154335b2c61d5e1a30f79aba399120d2 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Wed, 5 Nov 2025 08:37:05 +0000
Subject: [PATCH] forgot password

---
 db/config.php           |  7 ++++
 forgot_password.php     | 67 ++++++++++++++++++++++++++++++++
 login.php               |  3 ++
 reset_password_form.php | 85 +++++++++++++++++++++++++++++++++++++++++
 send_reset_link.php     | 61 +++++++++++++++++++++++++++++
 update_password.php     | 52 +++++++++++++++++++++++++
 6 files changed, 275 insertions(+)
 create mode 100644 forgot_password.php
 create mode 100644 reset_password_form.php
 create mode 100644 send_reset_link.php
 create mode 100644 update_password.php

diff --git a/db/config.php b/db/config.php
index bf88243..0f9a7ad 100644
--- a/db/config.php
+++ b/db/config.php
@@ -46,6 +46,13 @@ function db() {
                 submission_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
                 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
             );");
+
+            $pdo->exec("CREATE TABLE IF NOT EXISTS password_resets (
+                id INT AUTO_INCREMENT PRIMARY KEY,
+                email VARCHAR(255) NOT NULL,
+                token VARCHAR(255) NOT NULL UNIQUE,
+                expires_at TIMESTAMP NOT NULL
+            );");
         } catch (PDOException $e) {
             error_log('Database setup failed: ' . $e->getMessage());
             // You could display a generic error page here instead of dying
diff --git a/forgot_password.php b/forgot_password.php
new file mode 100644
index 0000000..d828efc
--- /dev/null
+++ b/forgot_password.php
@@ -0,0 +1,67 @@
+<?php
+session_start();
+include_once 'db/config.php';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Forgot Password - E-Waste Reclaimer</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css">
+</head>
+<body>
+    <nav class="navbar navbar-expand-lg navbar-dark bg-success">
+        <div class="container-fluid">
+            <a class="navbar-brand" href="index.php">E-Waste Reclaimer</a>
+            <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="collapse navbar-collapse" id="navbarNav">
+                <ul class="navbar-nav ms-auto">
+                    <li class="nav-item"><a class="nav-link" href="index.php">Home</a></li>
+                    <?php if (isset($_SESSION['user_id'])): ?>
+                        <li class="nav-item"><a class="nav-link" href="dashboard.php">Dashboard</a></li>
+                        <li class="nav-item"><a class="nav-link" href="logout.php">Logout</a></li>
+                    <?php else: ?>
+                        <li class="nav-item"><a class="nav-link" href="login.php">Login</a></li>
+                        <li class="nav-item"><a class="nav-link" href="register.php">Register</a></li>
+                    <?php endif; ?>
+                </ul>
+            </div>
+        </div>
+    </nav>
+
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-6">
+                <div class="card">
+                    <div class="card-header bg-success text-white">
+                        <h4>Forgot Password</h4>
+                    </div>
+                    <div class="card-body">
+                        <?php if (isset($_SESSION['message'])): ?>
+                            <div class="alert alert-<?php echo $_SESSION['message_type']; ?> alert-dismissible fade show" role="alert">
+                                <?php echo $_SESSION['message']; ?>
+                                <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+                            </div>
+                            <?php unset($_SESSION['message'], $_SESSION['message_type']); ?>
+                        <?php endif; ?>
+                        <p>Enter your email address and we will send you a link to reset your password.</p>
+                        <form action="send_reset_link.php" method="post">
+                            <div class="mb-3">
+                                <label for="email" class="form-label">Email address</label>
+                                <input type="email" class="form-control" id="email" name="email" required>
+                            </div>
+                            <button type="submit" class="btn btn-success w-100">Send Password Reset Link</button>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>
\ No newline at end of file
diff --git a/login.php b/login.php
index 36c8cc6..50ba462 100644
--- a/login.php
+++ b/login.php
@@ -109,6 +109,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                             <div class="d-grid">
                                 <button type="submit" class="btn btn-primary">Login</button>
                             </div>
+                            <div class="text-center mt-3">
+                                <a href="forgot_password.php">Forgot Password?</a>
+                            </div>
                         </form>
                     </div>
                 </div>
diff --git a/reset_password_form.php b/reset_password_form.php
new file mode 100644
index 0000000..327a1a9
--- /dev/null
+++ b/reset_password_form.php
@@ -0,0 +1,85 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+$token = $_GET['token'] ?? '';
+$error = '';
+$token_valid = false;
+
+if (empty($token)) {
+    $error = "Invalid password reset token.";
+} else {
+    try {
+        $pdo = db();
+        $stmt = $pdo->prepare("SELECT * FROM password_resets WHERE token = ?");
+        $stmt->execute([$token]);
+        $reset_request = $stmt->fetch();
+
+        if ($reset_request) {
+            if ($reset_request['expires'] >= date("U")) {
+                $token_valid = true;
+            } else {
+                $error = "Password reset token has expired.";
+            }
+        } else {
+            $error = "Invalid password reset token.";
+        }
+    } catch (PDOException $e) {
+        $error = "Database error: " . $e->getMessage();
+        error_log($error);
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Reset Password - E-Waste Reclaimer</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css">
+</head>
+<body>
+    <nav class="navbar navbar-expand-lg navbar-dark bg-success">
+        <div class="container-fluid">
+            <a class="navbar-brand" href="index.php">E-Waste Reclaimer</a>
+        </div>
+    </nav>
+
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-6">
+                <div class="card">
+                    <div class="card-header bg-success text-white">
+                        <h4>Reset Password</h4>
+                    </div>
+                    <div class="card-body">
+                        <?php if (!empty($error)): ?>
+                            <div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
+                        <?php endif; ?>
+
+                        <?php if ($token_valid): ?>
+                            <form action="update_password.php" method="post">
+                                <input type="hidden" name="token" value="<?php echo htmlspecialchars($token); ?>">
+                                <div class="mb-3">
+                                    <label for="password" class="form-label">New Password</label>
+                                    <input type="password" class="form-control" id="password" name="password" required>
+                                </div>
+                                <div class="mb-3">
+                                    <label for="password_confirm" class="form-label">Confirm New Password</label>
+                                    <input type="password" class="form-control" id="password_confirm" name="password_confirm" required>
+                                </div>
+                                <button type="submit" class="btn btn-success w-100">Reset Password</button>
+                            </form>
+                        <?php else: ?>
+                            <p>Please return to the <a href="forgot_password.php">forgot password</a> page to request a new link.</p>
+                        <?php endif; ?>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>
\ No newline at end of file
diff --git a/send_reset_link.php b/send_reset_link.php
new file mode 100644
index 0000000..45523b3
--- /dev/null
+++ b/send_reset_link.php
@@ -0,0 +1,61 @@
+<?php
+session_start();
+require_once 'db/config.php';
+require_once 'mail/MailService.php';
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    $email = trim($_POST['email']);
+    $message = '';
+    $message_type = 'danger';
+
+    if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        $message = 'A valid email is required.';
+    } else {
+        try {
+            $pdo = db();
+            $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
+            $stmt->execute([$email]);
+            $user = $stmt->fetch();
+
+            if ($user) {
+                $token = bin2hex(random_bytes(50));
+                $expires = date("U") + 1800; // 30 minutes
+
+                $stmt = $pdo->prepare("INSERT INTO password_resets (email, token, expires) VALUES (?, ?, ?)");
+                $stmt->execute([$email, $token, $expires]);
+
+                $reset_link = "http://" . $_SERVER['HTTP_HOST'] . "/reset_password_form.php?token=" . $token;
+                
+                $subject = "Password Reset Request";
+                $body = "<p>Hello,</p>";
+                $body .= "<p>You requested a password reset. Click the link below to reset your password:</p>";
+                $body .= "<p><a href='" . $reset_link . "'>" . $reset_link . "</a></p>";
+                $body .= "<p>This link will expire in 30 minutes.</p>";
+                $body .= "<p>If you did not request a password reset, please ignore this email.</p>";
+
+                // Use MailService to send the email
+                $mail_result = MailService::sendMail($email, $subject, $body, strip_tags($body));
+
+                if (!empty($mail_result['success'])) {
+                    $message = 'A password reset link has been sent to your email address.';
+                    $message_type = 'success';
+                } else {
+                    $message = 'Could not send the password reset email. Please try again later.';
+                    error_log("MailService Error: " . ($mail_result['error'] ?? 'Unknown error'));
+                }
+            } else {
+                $message = 'No user found with that email address.';
+            }
+        } catch (PDOException $e) {
+            $message = "Database error: " . $e->getMessage();
+            error_log($message);
+        } catch (Exception $e) {
+            $message = "An error occurred: " . $e->getMessage();
+            error_log($message);
+        }
+    }
+    $_SESSION['message'] = $message;
+    $_SESSION['message_type'] = $message_type;
+    header("Location: forgot_password.php");
+    exit;
+}
diff --git a/update_password.php b/update_password.php
new file mode 100644
index 0000000..ad30ae5
--- /dev/null
+++ b/update_password.php
@@ -0,0 +1,52 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    $token = $_POST['token'] ?? '';
+    $password = $_POST['password'] ?? '';
+    $password_confirm = $_POST['password_confirm'] ?? '';
+    $error = '';
+
+    if (empty($token) || empty($password) || empty($password_confirm)) {
+        $error = "All fields are required.";
+    } elseif ($password !== $password_confirm) {
+        $error = "Passwords do not match.";
+    } elseif (strlen($password) < 8) {
+        $error = "Password must be at least 8 characters long.";
+    } else {
+        try {
+            $pdo = db();
+            $stmt = $pdo->prepare("SELECT * FROM password_resets WHERE token = ?");
+            $stmt->execute([$token]);
+            $reset_request = $stmt->fetch();
+
+            if ($reset_request && $reset_request['expires'] >= date("U")) {
+                $email = $reset_request['email'];
+                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+                $stmt = $pdo->prepare("UPDATE users SET password = ? WHERE email = ?");
+                $stmt->execute([$hashed_password, $email]);
+
+                // Delete the used token
+                $stmt = $pdo->prepare("DELETE FROM password_resets WHERE email = ?");
+                $stmt->execute([$email]);
+
+                $_SESSION['message'] = 'Your password has been successfully reset. Please log in with your new password.';
+                $_SESSION['message_type'] = 'success';
+                header("Location: login.php");
+                exit;
+            } else {
+                $error = "Invalid or expired password reset token.";
+            }
+        } catch (PDOException $e) {
+            $error = "Database error: " . $e->getMessage();
+            error_log($error);
+        }
+    }
+
+    // If there was an error, redirect back to the reset form with the token
+    $_SESSION['error'] = $error;
+    header("Location: reset_password_form.php?token=" . urlencode($token));
+    exit;
+}
\ No newline at end of file