prepare("SELECT id, username, full_name FROM users WHERE email = ? AND is_deleted = 0 LIMIT 1"); $stmt->execute([$email]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user) { $token = bin2hex(random_bytes(32)); $expiry = date('Y-m-d H:i:s', strtotime('+1 hour')); $stmt = $pdo->prepare("UPDATE users SET reset_token = ?, reset_token_expiry = ? WHERE id = ?"); $stmt->execute([$token, $expiry, $user['id']]); $resetLink = $baseUrl . "reset_password.php?token=" . $token; $subject = "Password Reset Request - " . $settings['company_name']; $messageHtml = "

Password Reset Request

Hello " . htmlspecialchars($user['full_name'] ?: $user['username']) . ",

We received a request to reset your password. Click the button below to set a new password:

Reset Password

If you did not request this, please ignore this email.

This link will expire in 1 hour.

"; $messageTxt = "Hello, click here to reset your password: $resetLink. This link will expire in 1 hour."; $res = MailService::sendMail($email, $subject, $messageHtml, $messageTxt); if (!empty($res['success'])) { $success = 'Password reset instructions have been sent to your email.'; } else { $error = 'Failed to send reset email. Please contact administrator.'; // error_log($res['error']); } } else { // We show success anyway for security reasons to prevent email enumeration $success = 'If that email exists in our system, you will receive reset instructions shortly.'; } } } ?> Forgot Password - <?= htmlspecialchars($settings['company_name']) ?>

Forgot Password

Enter your email address to receive a reset link

Back to Login
Back to Login