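prepare("SELECT * FROM users WHERE username = ? OR email = ?");
            $stmt->execute([$account, $account]);
            $user = $stmt->fetch();
            if (!$user) {
                $error = __('account_not_found');
            } else {
                $hash = password_hash($password, PASSWORD_DEFAULT);
                $stmt = db()->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
                $stmt->execute([$hash, $user['id']]);
                $success = __('pwd_reset_success');
            }
        }
    }
}

// JSON endpoint (?action=send_code): issues a 6-digit password-reset
// verification code, stores it in the session and, for type=email, mails it
// to the supplied address. Always terminates the request with a JSON body of
// the form {"success": bool, "error"?: string}.
//
// NOTE(review): this is a state-changing action reachable via GET, and nothing
// visible here throttles requests per session, account or client address.
// Confirm that rate limiting and request-forgery protection exist elsewhere.
if (isset($_GET['action']) && $_GET['action'] === 'send_code') {
    // Buffer output and silence error display so that only the JSON payload
    // reaches the client; ob_clean() below discards anything buffered so far.
    ob_start();
    error_reporting(0);
    ini_set('display_errors', 0);
    header('Content-Type: application/json');

    $account = $_GET['account'] ?? '';
    $type = $_GET['type'] ?? 'email';

    // The code is an authentication secret, so it must come from the CSPRNG.
    // mt_rand() is a seeded Mersenne Twister whose output is predictable and
    // is documented as unsuitable for security purposes. random_int() throws
    // if no secure source is available, so the request fails closed.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);

    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    if ($type === 'email') {
        if (!filter_var($account, FILTER_VALIDATE_EMAIL)) {
            ob_clean();
            echo json_encode(['success' => false, 'error' => __('invalid_email')]);
            exit;
        }

        // NOTE(review): the code is stored without the address it was sent to
        // and without an issue time. Whatever verifies it (not visible here)
        // should bind it to the account being reset, expire it, make it
        // single-use and cap the number of failed attempts.
        $_SESSION['reset_email_code'] = $code;

        require_once __DIR__ . '/../mail/MailService.php';
        $subject = __('verification_code') . ' - ' . __('reset_password');
        $content = __('verification_code') . ": $code";
        $res = MailService::sendMail($account, $subject, $content, $content);

        if (!$res['success']) {
            ob_clean();
            // NOTE(review): the mailer's own error text is returned verbatim
            // to the client. Confirm it cannot carry SMTP host or credential
            // details; otherwise log it server-side and return the generic
            // message only.
            echo json_encode(['success' => false, 'error' => $res['error'] ?? __('send_failed')]);
            exit;
        }
    } else {
        // Any type other than "email" lands here. No format check is applied
        // to $account and nothing is actually sent, yet success is reported.
        $_SESSION['reset_mobile_code'] = $code;
        // SMS logic here if needed
    }

    ob_clean();
    echo json_encode(['success' => true]);
    exit;
}

include __DIR__ . '/../includes/header.php';
?>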
= __('welcome_back') ?>