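<?php

declare(strict_types=1);

/*
 * Password reset page, driven by ?action=:
 *   forgot — take an e-mail address, store a fresh single-use token and mail a link.
 *   reset  — take the token from that link plus a new password, store its hash.
 * The template below reads $action, $token, $success and $error.
 */

require_once __DIR__ . '/includes/auth.php';
require_once __DIR__ . '/mail/MailService.php';

// A logged-in user has no business here; send them home.
if (!empty($_SESSION['user_id'])) {
    header('Location: index.php');
    exit;
}

$success = '';
$error = '';

// Tokens are bin2hex(random_bytes(32)), i.e. exactly 64 lower-case hex digits; anything
// else never reaches the database. Query values may also arrive as arrays (?token[]=x),
// which is why both are checked with is_string() before use.
$tokenPattern = '/^[a-f0-9]{64}$/';
$minPasswordLength = 8; // keep in sync with the wording of the length error below

$action = $_GET['action'] ?? 'forgot';
if (!is_string($action) || !in_array($action, ['forgot', 'reset'], true)) {
    $action = 'forgot'; // unknown or missing action falls back to the first step
}

$token = $_GET['token'] ?? '';
if (!is_string($token) || !preg_match($tokenPattern, $token)) {
    $token = '';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ($action === 'forgot') {
        $email = $_POST['email'] ?? '';
        $email = is_string($email) ? trim($email) : '';

        if ($email !== '') {
            $stmt = db()->prepare('SELECT id FROM users WHERE email = ?');
            $stmt->execute([$email]);
            $user = $stmt->fetch();

            if ($user) {
                $newToken = bin2hex(random_bytes(32));

                // Only the SHA-256 of the token is stored, so a leaked users table does not
                // contain usable reset links. The expiry is computed by the database clock,
                // the same clock the reset step compares against with NOW() (MySQL/MariaDB
                // syntax, as the existing NOW() check already assumes).
                $update = db()->prepare(
                    'UPDATE users SET reset_token = ?, reset_expires = DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE id = ?'
                );
                $update->execute([hash('sha256', $newToken), $user['id']]);

                $resetUrl = app_url('reset_password.php', ['action' => 'reset', 'token' => $newToken]);

                // NOTE(review): the host of the mailed link still comes from the request's Host
                // header, which the sender of the forgot request controls (password-reset
                // poisoning). It should come from a configured canonical base URL; none is
                // visible in this file. The scheme at least follows the current connection.
                $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
                $host = $_SERVER['HTTP_HOST'] ?? '';
                $fullResetUrl = $scheme . '://' . $host . '/' . ltrim($resetUrl, '/');

                // The URL lands in an attribute and a text node of an HTML mail: escape it.
                $safeResetUrl = htmlspecialchars($fullResetUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $htmlBody = current_lang() === 'ar'
                    ? "<p>لقد طلبت إعادة تعيين كلمة المرور. انقر على الرابط أدناه لإعادة تعيينها:</p><p><a href='{$safeResetUrl}'>{$safeResetUrl}</a></p><p>ينتهي الرابط خلال ساعة واحدة.</p>"
                    : "<p>You requested a password reset. Click the link below to reset it:</p><p><a href='{$safeResetUrl}'>{$safeResetUrl}</a></p><p>Link expires in 1 hour.</p>";

                // NOTE(review): nothing throttles this branch; every accepted request sends a mail.
                MailService::sendMail($email, 'Password Reset', $htmlBody);
            }

            // Same message whether or not the address exists, so the form does not reveal
            // which e-mail addresses have accounts.
            $success = t('If that email is in our system, you will receive a password reset link shortly.', 'إذا كان البريد الإلكتروني مسجلاً لدينا، ستتلقى رابطاً لإعادة تعيين كلمة المرور قريباً.');
        }
    } elseif ($action === 'reset') {
        $password = $_POST['password'] ?? '';
        $password = is_string($password) ? $password : '';
        $passwordConfirm = $_POST['password_confirm'] ?? '';
        $passwordConfirm = is_string($passwordConfirm) ? $passwordConfirm : '';

        $user = false;
        if ($token !== '') {
            // Look the token up by its hash (see the forgot step) and reject expired ones.
            $stmt = db()->prepare('SELECT id FROM users WHERE reset_token = ? AND reset_expires > NOW()');
            $stmt->execute([hash('sha256', $token)]);
            $user = $stmt->fetch();
        }

        if (!$user) {
            $error = t('Invalid or expired token.', 'رمز غير صالح أو منتهي الصلاحية.');
        } elseif ($password !== $passwordConfirm) {
            $error = t('Passwords do not match.', 'كلمتا المرور غير متطابقتين.');
        } elseif (mb_strlen($password) < $minPasswordLength) {
            // The form's "required" attribute is client-side only; enforce a floor here too.
            $error = t('Password must be at least 8 characters long.', 'يجب أن تتكون كلمة المرور من 8 أحرف على الأقل.');
        } else {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            // Clearing the token makes the link single-use.
            $update = db()->prepare('UPDATE users SET password = ?, reset_token = NULL, reset_expires = NULL WHERE id = ?');
            $update->execute([$hash, $user['id']]);

            $success = t('Password updated successfully. You can now log in.', 'تم تحديث كلمة المرور بنجاح. يمكنك الآن تسجيل الدخول.');
            $action = 'done';
        }
    }
}

render_head(t('Reset Password', 'إعادة تعيين كلمة المرور'));
render_nav('login.php');
?>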
<?php // Markup for the three page states: forgot (e-mail form), reset (new password form), done (confirmation). ?>
<main class="py-5 bg-light min-vh-100">
<div class="container">
<div class="row justify-content-center">
<div class="col-md-5 col-lg-4">
<div class="card border-0 shadow-sm" style="border-radius: 1rem;">
<div class="card-body p-4 p-md-5">
<?php if ($action === 'forgot') { ?>
<h1 class="h4 mb-3 text-center fw-bold"><?php echo h(t('Forgot Password?', 'نسيت كلمة المرور؟')); ?></h1>
<p class="text-center text-secondary small mb-4"><?php echo h(t('Enter your email to receive a reset link.', 'أدخل بريدك الإلكتروني لتلقي رابط إعادة التعيين.')); ?></p>
<?php if ($success) { ?>
<div class="alert alert-success py-2 small"><?php echo h($success); ?></div>
<?php } ?>
<form method="post" action="reset_password.php?action=forgot">
<div class="mb-4">
<label class="form-label small fw-semibold"><?php echo h(t('Email address', 'البريد الإلكتروني')); ?></label>
<input type="email" name="email" class="form-control form-control-lg" required>
</div>
<button type="submit" class="btn btn-dark btn-lg w-100"><?php echo h(t('Send Reset Link', 'إرسال الرابط')); ?></button>
<div class="text-center mt-3"><a href="login.php" class="small text-secondary text-decoration-none"><?php echo h(t('Back to Login', 'العودة لتسجيل الدخول')); ?></a></div>
</form>
<?php } elseif ($action === 'reset') { ?>
<h1 class="h4 mb-3 text-center fw-bold"><?php echo h(t('Set New Password', 'تعيين كلمة مرور جديدة')); ?></h1>
<?php if ($error) { ?>
<div class="alert alert-danger py-2 small"><?php echo h($error); ?></div>
<?php } ?>
<?php // The token is echoed through h() because it originates from the query string. ?>
<form method="post" action="reset_password.php?action=reset&token=<?php echo h($token); ?>">
<div class="mb-3">
<label class="form-label small fw-semibold"><?php echo h(t('New Password', 'كلمة المرور الجديدة')); ?></label>
<input type="password" name="password" class="form-control form-control-lg" required>
</div>
<div class="mb-4">
<label class="form-label small fw-semibold"><?php echo h(t('Confirm Password', 'تأكيد كلمة المرور')); ?></label>
<input type="password" name="password_confirm" class="form-control form-control-lg" required>
</div>
<button type="submit" class="btn btn-dark btn-lg w-100"><?php echo h(t('Reset Password', 'إعادة تعيين')); ?></button>
</form>
<?php } elseif ($action === 'done') { ?>
<div class="text-center">
<h1 class="h4 mb-3 fw-bold text-success"><?php echo h(t('Success!', 'نجاح!')); ?></h1>
<p class="text-secondary small mb-4"><?php echo h($success); ?></p>
<a href="login.php" class="btn btn-dark btn-lg w-100"><?php echo h(t('Log In', 'تسجيل الدخول')); ?></a>
</div>
<?php } ?>
</div>
</div>
</div>
</div>
</div>
</main>
<?php render_footer(); ?>