89 lines
3.8 KiB
PHP
89 lines
3.8 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/db/config.php';
|
|
require_once __DIR__ . '/includes/auth_helper.php';
|
|
require_once __DIR__ . '/mail/MailService.php';
|
|
|
|
$success = false;
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$email = $_POST['email'] ?? '';
|
|
$ip = Auth::getIpAddress();
|
|
|
|
// Record attempt for security tracking
|
|
Auth::recordResetAttempt($email, $ip);
|
|
|
|
$stmt = db()->prepare("SELECT id FROM users WHERE email = ? LIMIT 1");
|
|
$stmt->execute([$email]);
|
|
$user = $stmt->fetch();
|
|
|
|
if ($user) {
|
|
$token = bin2hex(random_bytes(32));
|
|
$expires = date('Y-m-d H:i:s', strtotime('+1 hour'));
|
|
|
|
$stmt = db()->prepare("INSERT INTO password_resets (email, token, expires_at) VALUES (?, ?, ?)");
|
|
$stmt->execute([$email, $token, $expires]);
|
|
|
|
// Send Email
|
|
$resetLink = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]/reset_password.php?token=$token";
|
|
$subject = "Password Reset Request";
|
|
$html = "
|
|
<h3>Password Reset Request</h3>
|
|
<p>We received a request to reset your password for SR&ED Manager.</p>
|
|
<p>Click the link below to set a new password. This link will expire in 1 hour.</p>
|
|
<p><a href='$resetLink' style='padding: 10px 20px; background-color: #3b82f6; color: white; text-decoration: none; border-radius: 5px; display: inline-block;'>Reset Password</a></p>
|
|
<p>If you did not request this, please ignore this email.</p>
|
|
";
|
|
$text = "Reset your password by clicking this link: $resetLink";
|
|
|
|
MailService::sendMail($email, $subject, $html, $text);
|
|
}
|
|
|
|
// Always show success to prevent email enumeration
|
|
$success = true;
|
|
}
|
|
|
|
?>
|
|
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<title>Forgot Password - SR&ED Manager</title>
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
|
|
<style>
|
|
body { font-family: 'Inter', sans-serif; background-color: #f8fafc; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; }
|
|
.login-card { width: 100%; max-width: 400px; border: none; border-radius: 12px; box-shadow: 0 10px 25px rgba(0,0,0,0.05); }
|
|
.btn-primary { background-color: #3b82f6; border: none; padding: 10px; font-weight: 600; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class="card login-card p-4">
|
|
<div class="text-center mb-4">
|
|
<h3 class="fw-bold text-primary">RESET PASSWORD</h3>
|
|
<p class="text-muted small">Enter your email to receive a reset link</p>
|
|
</div>
|
|
|
|
<?php if ($success): ?>
|
|
<div class="alert alert-success small">
|
|
If an account exists with that email, you will receive a password reset link shortly.
|
|
</div>
|
|
<div class="text-center">
|
|
<a href="login.php" class="btn btn-outline-secondary w-100">Back to Login</a>
|
|
</div>
|
|
<?php else: ?>
|
|
<form method="POST">
|
|
<div class="mb-3">
|
|
<label class="form-label small fw-bold">Email Address</label>
|
|
<input type="email" name="email" class="form-control" placeholder="name@company.com" required autofocus>
|
|
</div>
|
|
<button type="submit" class="btn btn-primary w-100 mb-3">Send Reset Link</button>
|
|
<div class="text-center">
|
|
<a href="login.php" class="small text-decoration-none">Back to Login</a>
|
|
</div>
|
|
</form>
|
|
<?php endif; ?>
|
|
</div>
|
|
</body>
|
|
</html>
|