I'm in a rush to release so I am adding features that are needed to make it usable.

2025-02-17 22:03:33 -08:00 · 2025-02-17 22:03:33 -08:00 · 4c2857b445
commit 4c2857b445
parent c76ab1abf3
25 changed files with 2475 additions and 3475 deletions
--- a/forgot-password.php
+++ b/forgot-password.php
@ -0,0 +1,121 @@
+<?php
+session_start();
+require_once 'includes/globals.php';
+require_once 'vendor/autoload.php';
+
+use DJMixHosting\Database;
+use Aws\Ses\SesClient;
+use Aws\Exception\AwsException;
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['email'])) {
+    $email = trim($_POST['email']);
+    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        $_SESSION['error'] = "Invalid email format.";
+        header("Location: forgot-password.php");
+        exit;
+    }
+
+    $db = new Database($config);
+    // Check if email exists in the system
+    $stmt = $db->prepare("SELECT id, username FROM users WHERE email = ?");
+    $stmt->bind_param("s", $email);
+    $stmt->execute();
+    $result = $stmt->get_result();
+    $userData = $result->fetch_assoc();
+    $stmt->close();
+
+    // Always show a success message (to avoid disclosing which emails are registered)
+    $_SESSION['success'] = "If the email exists in our system, a password reset link has been sent.";
+
+    if ($userData) {
+        $user_id = $userData['id'];
+        // Generate a password reset verification code valid for 15 minutes
+        $verification_code = bin2hex(random_bytes(16));
+        $expires_at = date("Y-m-d H:i:s", strtotime("+15 minutes"));
+
+        // Insert a record with purpose 'password_reset'
+        $stmt = $db->prepare("REPLACE INTO email_verifications (user_id, email, verification_code, expires_at, purpose) VALUES (?, ?, ?, ?, 'password_reset')");
+        $stmt->bind_param("isss", $user_id, $email, $verification_code, $expires_at);
+        $stmt->execute();
+        $stmt->close();
+
+        // Send password reset email via AWS SES
+        $sesClient = new SesClient([
+            'version' => 'latest',
+            'region'  => $config['aws']['ses']['region'],
+            'credentials' => [
+                'key'    => $config['aws']['ses']['access_key'],
+                'secret' => $config['aws']['ses']['secret_key'],
+            ]
+        ]);
+
+        $sender_email = $config['aws']['ses']['sender_email'];
+        $recipient_email = $email;
+        $subject = "Password Reset Request";
+        $reset_link = $config['app']['url'] . "/password-reset.php?code={$verification_code}";
+        $body_text = "You have requested to reset your password. Please click the link below to reset your password:\n\n";
+        $body_text .= "{$reset_link}\n\nIf you did not request this, please ignore this email. This link will expire in 15 minutes.";
+
+        try {
+            $result = $sesClient->sendEmail([
+                'Destination' => [
+                    'ToAddresses' => [$recipient_email],
+                ],
+                'ReplyToAddresses' => [$sender_email],
+                'Source' => $sender_email,
+                'Message' => [
+                    'Body' => [
+                        'Text' => [
+                            'Charset' => 'UTF-8',
+                            'Data' => $body_text,
+                        ],
+                    ],
+                    'Subject' => [
+                        'Charset' => 'UTF-8',
+                        'Data' => $subject,
+                    ],
+                ],
+            ]);
+        } catch (AwsException $e) {
+            // Optionally log the error without disclosing details to the user.
+        }
+    }
+    header("Location: forgot-password.php");
+    exit;
+}
+
+require_once 'includes/header.php';
+?>
+
+<section class="forgot-password-section py-5">
+    <div class="container">
+        <div class="row justify-content-center">
+            <div class="col-lg-5">
+                <?php
+                if(isset($_SESSION['error'])) {
+                    echo '<div class="alert alert-danger alert-dismissible fade show mb-4" role="alert">' . htmlspecialchars($_SESSION['error']) . '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button></div>';
+                    unset($_SESSION['error']);
+                }
+                if(isset($_SESSION['success'])) {
+                    echo '<div class="alert alert-success alert-dismissible fade show mb-4" role="alert">' . htmlspecialchars($_SESSION['success']) . '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button></div>';
+                    unset($_SESSION['success']);
+                }
+                ?>
+                <div class="card shadow-sm border-0">
+                    <div class="card-body p-4">
+                        <h3 class="text-center mb-4">Forgot Password</h3>
+                        <form action="forgot-password.php" method="post" class="needs-validation" novalidate>
+                            <div class="mb-3">
+                                <label for="email" class="form-label">Enter your email address</label>
+                                <input type="email" class="form-control" id="email" name="email" required>
+                            </div>
+                            <button type="submit" class="btn btn-primary w-100">Submit</button>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+
+<?php require_once 'includes/footer.php'; ?>