admin/35491-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

forgot password

Browse Source
This commit is contained in:
Flatlogic Bot 2025-11-05 08:37:05 +00:00
parent cf1ff1d401
commit 9bc03d5115
6 changed files with 275 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
db/config.php
View File

@ -46,6 +46,13 @@ function db() {
submission_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
);");
$pdo->exec("CREATE TABLE IF NOT EXISTS password_resets (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
token VARCHAR(255) NOT NULL UNIQUE,
expires_at TIMESTAMP NOT NULL
);");
} catch (PDOException $e) {
error_log('Database setup failed: ' . $e->getMessage());
// You could display a generic error page here instead of dying

67
forgot_password.php Normal file
View File

@ -0,0 +1,67 @@
<?php
session_start();
include_once 'db/config.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Forgot Password - E-Waste Reclaimer</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-success">
<div class="container-fluid">
<a class="navbar-brand" href="index.php">E-Waste Reclaimer</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav ms-auto">
<li class="nav-item"><a class="nav-link" href="index.php">Home</a></li>
<?php if (isset($_SESSION['user_id'])): ?>
<li class="nav-item"><a class="nav-link" href="dashboard.php">Dashboard</a></li>
<li class="nav-item"><a class="nav-link" href="logout.php">Logout</a></li>
<?php else: ?>
<li class="nav-item"><a class="nav-link" href="login.php">Login</a></li>
<li class="nav-item"><a class="nav-link" href="register.php">Register</a></li>
<?php endif; ?>
</ul>
</div>
</div>
</nav>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header bg-success text-white">
<h4>Forgot Password</h4>
</div>
<div class="card-body">
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-<?php echo $_SESSION['message_type']; ?> alert-dismissible fade show" role="alert">
<?php echo $_SESSION['message']; ?>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<?php unset($_SESSION['message'], $_SESSION['message_type']); ?>
<?php endif; ?>
<p>Enter your email address and we will send you a link to reset your password.</p>
<form action="send_reset_link.php" method="post">
<div class="mb-3">
<label for="email" class="form-label">Email address</label>
<input type="email" class="form-control" id="email" name="email" required>
</div>
<button type="submit" class="btn btn-success w-100">Send Password Reset Link</button>
</form>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

3
login.php
View File

@ -109,6 +109,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
<div class="d-grid">
<button type="submit" class="btn btn-primary">Login</button>
</div>
<div class="text-center mt-3">
<a href="forgot_password.php">Forgot Password?</a>
</div>
</form>
</div>
</div>

85
reset_password_form.php Normal file
View File

@ -0,0 +1,85 @@
<?php
session_start();
require_once 'db/config.php';
$token = $_GET['token'] ?? '';
$error = '';
$token_valid = false;
if (empty($token)) {
$error = "Invalid password reset token.";
} else {
try {
$pdo = db();
$stmt = $pdo->prepare("SELECT * FROM password_resets WHERE token = ?");
$stmt->execute([$token]);
$reset_request = $stmt->fetch();
if ($reset_request) {
if ($reset_request['expires'] >= date("U")) {
$token_valid = true;
} else {
$error = "Password reset token has expired.";
}
} else {
$error = "Invalid password reset token.";
}
} catch (PDOException $e) {
$error = "Database error: " . $e->getMessage();
error_log($error);
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Reset Password - E-Waste Reclaimer</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-success">
<div class="container-fluid">
<a class="navbar-brand" href="index.php">E-Waste Reclaimer</a>
</div>
</nav>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header bg-success text-white">
<h4>Reset Password</h4>
</div>
<div class="card-body">
<?php if (!empty($error)): ?>
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<?php if ($token_valid): ?>
<form action="update_password.php" method="post">
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token); ?>">
<div class="mb-3">
<label for="password" class="form-label">New Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="mb-3">
<label for="password_confirm" class="form-label">Confirm New Password</label>
<input type="password" class="form-control" id="password_confirm" name="password_confirm" required>
</div>
<button type="submit" class="btn btn-success w-100">Reset Password</button>
</form>
<?php else: ?>
<p>Please return to the <a href="forgot_password.php">forgot password</a> page to request a new link.</p>
<?php endif; ?>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

61
send_reset_link.php Normal file
View File

@ -0,0 +1,61 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'mail/MailService.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = trim($_POST['email']);
$message = '';
$message_type = 'danger';
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = 'A valid email is required.';
} else {
try {
$pdo = db();
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
$stmt->execute([$email]);
$user = $stmt->fetch();
if ($user) {
$token = bin2hex(random_bytes(50));
$expires = date("U") + 1800; // 30 minutes
$stmt = $pdo->prepare("INSERT INTO password_resets (email, token, expires) VALUES (?, ?, ?)");
$stmt->execute([$email, $token, $expires]);
$reset_link = "http://" . $_SERVER['HTTP_HOST'] . "/reset_password_form.php?token=" . $token;
$subject = "Password Reset Request";
$body = "<p>Hello,</p>";
$body .= "<p>You requested a password reset. Click the link below to reset your password:</p>";
$body .= "<p><a href='" . $reset_link . "'>" . $reset_link . "</a></p>";
$body .= "<p>This link will expire in 30 minutes.</p>";
$body .= "<p>If you did not request a password reset, please ignore this email.</p>";
// Use MailService to send the email
$mail_result = MailService::sendMail($email, $subject, $body, strip_tags($body));
if (!empty($mail_result['success'])) {
$message = 'A password reset link has been sent to your email address.';
$message_type = 'success';
} else {
$message = 'Could not send the password reset email. Please try again later.';
error_log("MailService Error: " . ($mail_result['error'] ?? 'Unknown error'));
}
} else {
$message = 'No user found with that email address.';
}
} catch (PDOException $e) {
$message = "Database error: " . $e->getMessage();
error_log($message);
} catch (Exception $e) {
$message = "An error occurred: " . $e->getMessage();
error_log($message);
}
}
$_SESSION['message'] = $message;
$_SESSION['message_type'] = $message_type;
header("Location: forgot_password.php");
exit;
}

52
update_password.php Normal file
View File

@ -0,0 +1,52 @@
<?php
session_start();
require_once 'db/config.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$token = $_POST['token'] ?? '';
$password = $_POST['password'] ?? '';
$password_confirm = $_POST['password_confirm'] ?? '';
$error = '';
if (empty($token) || empty($password) || empty($password_confirm)) {
$error = "All fields are required.";
} elseif ($password !== $password_confirm) {
$error = "Passwords do not match.";
} elseif (strlen($password) < 8) {
$error = "Password must be at least 8 characters long.";
} else {
try {
$pdo = db();
$stmt = $pdo->prepare("SELECT * FROM password_resets WHERE token = ?");
$stmt->execute([$token]);
$reset_request = $stmt->fetch();
if ($reset_request && $reset_request['expires'] >= date("U")) {
$email = $reset_request['email'];
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE users SET password = ? WHERE email = ?");
$stmt->execute([$hashed_password, $email]);
// Delete the used token
$stmt = $pdo->prepare("DELETE FROM password_resets WHERE email = ?");
$stmt->execute([$email]);
$_SESSION['message'] = 'Your password has been successfully reset. Please log in with your new password.';
$_SESSION['message_type'] = 'success';
header("Location: login.php");
exit;
} else {
$error = "Invalid or expired password reset token.";
}
} catch (PDOException $e) {
$error = "Database error: " . $e->getMessage();
error_log($error);
}
}
// If there was an error, redirect back to the reset form with the token
$_SESSION['error'] = $error;
header("Location: reset_password_form.php?token=" . urlencode($token));
exit;
}