diff --git a/forgot-password.php b/forgot-password.php
index 8181b05..88933c4 100644
--- a/forgot-password.php
+++ b/forgot-password.php
@@ -26,8 +26,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $update = db()->prepare('UPDATE users SET reset_token = ?, reset_expires_at = ? WHERE id = ?');
 $update->execute([$token, $expiry, $user['id']]);
- $host = $_SERVER['HTTP_HOST'];
- $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
+ $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
+ $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
 $reset_link = "$protocol://$host/reset-password.php?token=$token";
 $subject = 'Reset Your Password';
@@ -47,7 +47,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 ";
 $text = "Hello $name,\n\nYou recently requested to reset your password for your $project_name account. Copy and paste the link below into your browser to reset it. This link is valid for 1 hour.\n\n$reset_link\n\nIf you did not request a password reset, please ignore this email.";
- $res = MailService::sendMail($email, $subject, $html, $text);
+ $res = MailService::sendMail($email, $subject, $html, $text);
 if (!empty($res['success'])) {
 $success = 'If an account exists for that email, you will receive a password reset link shortly.';
@@ -120,4 +120,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-
+
\ No newline at end of file
diff --git a/mail/MailService.php b/mail/MailService.php
index d801067..d068ea6 100644
--- a/mail/MailService.php
+++ b/mail/MailService.php
@@ -232,4 +232,4 @@ class MailService
 $html = nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
 return self::sendMail($to, $subject, $html, $body, $opts);
 }
-}
+}
\ No newline at end of file
diff --git a/resend-verification.php b/resend-verification.php
index e0b45aa..01840c7 100644
--- a/resend-verification.php
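Review bot: The reset link in the first forgot-password.php hunk is still assembled from `$_SERVER['HTTP_HOST']`, a value taken from the request, so whoever submits the form decides which host the emailed link and its token point at; the same construction is repeated for `$verify_link` in the resend-verification.php and signup.php hunks. The added `HTTP_X_FORWARDED_PROTO` test is likewise client-controlled unless a trusted proxy overwrites that header, and the `'localhost'` fallback mails an unusable link instead of failing the request. Build these links from a configured origin instead, for example `$reset_link = APP_BASE_URL . '/reset-password.php?token=' . rawurlencode($token);`, where `APP_BASE_URL` is a placeholder for a project setting that does not appear in this diff. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside the hunk.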
+++ b/resend-verification.php
@@ -28,8 +28,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['email'])) {
 $stmt = $db->prepare('UPDATE users SET verification_token = ? WHERE id = ?');
 if ($stmt->execute([$token, $user['id']])) {
 // Send verification email
- $proto = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
- $host = $_SERVER['HTTP_HOST'];
+ $proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
+ $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
 $verify_link = "$proto://$host/verify.php?token=$token";
 $subject = "Verify your account - $project_name";
@@ -56,9 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['email'])) {
 }
 }
 } else {
- // We don't want to reveal if an email exists, but in this specific context (resend activation),
- // it's usually okay or we can say "If an account exists, a link was sent".
- // However, the original signup reveals it, so let's just say not found for simplicity here.
 $error = 'No account found with this email address.';
 }
 }
@@ -124,4 +121,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['email'])) {
-
+
\ No newline at end of file
diff --git a/signup.php b/signup.php
index d139e06..ddf9ceb 100644
--- a/signup.php
+++ b/signup.php
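Review bot: In the `@@ -56,9 +56,6 @@` hunk of resend-verification.php the `else` branch still answers `'No account found with this email address.'`, which tells an unauthenticated caller whether an address is registered, and the commit deletes the only comment that recorded this as a known trade-off. forgot-password.php in this same diff already gives a neutral reply ('If an account exists for that email, …'); returning one equivalent message for both outcomes here would remove the difference, although per the removed comment signup may disclose the same fact and would need the same treatment. If the current behaviour is kept on purpose, leave a short marker above the assignment, such as `// NOTE: discloses whether the address is registered; forgot-password.php does not`. The block's opening lines are outside the hunk.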
@@ -37,8 +37,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $stmt = $db->prepare('INSERT INTO users (name, email, password, is_verified, verification_token) VALUES (?, ?, ?, 0, ?)');
 if ($stmt->execute([$name, $email, $hashed_password, $token])) {
 // Send verification email
- $proto = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
- $host = $_SERVER['HTTP_HOST'];
+ $proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
+ $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
 $verify_link = "$proto://$host/verify.php?token=$token";
 $subject = "Verify your account - $project_name";
@@ -151,4 +151,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-
+
\ No newline at end of file