prepare("SELECT id, username FROM users WHERE email = ?");
// The statement above begins before the visible part of the file; only its tail is shown here.
// $email is bound as a string parameter, so it is never interpolated into the SQL text.
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
// fetch_assoc() yields the matching row as an array, or a falsy value when no account matches.
$userData = $result->fetch_assoc();
$stmt->close();

// Always show a success message (to avoid disclosing which emails are registered)
// NOTE(review): the wording is identical for known and unknown addresses, but only the
// known-address branch below performs a DB write and an SES call, so response time may
// still differ between the two cases. Deferring the send (queue/background job) would
// close that gap.
// NOTE(review): no throttling is visible in this section; every request for a known
// address sends mail and writes a new code. Confirm rate limiting exists elsewhere.
$_SESSION['success'] = "If the email exists in our system, a password reset link has been sent.";

if ($userData) {
    $user_id = $userData['id'];

    // Generate a password reset verification code valid for 15 minutes
    // random_bytes(16) draws 128 bits from the CSPRNG; bin2hex() renders them as 32 hex characters.
    $verification_code = bin2hex(random_bytes(16));
    // date() formats in PHP's configured default timezone.
    // NOTE(review): verify that whatever checks expires_at compares against the same clock/timezone.
    $expires_at = date("Y-m-d H:i:s", strtotime("+15 minutes"));

    // Insert a record with purpose 'password_reset'
    // REPLACE removes any existing row that collides on a PRIMARY/UNIQUE key before inserting.
    // Which key that is depends on the table schema, which is not shown here; presumably it
    // retires an earlier pending code for the same user, but confirm against the schema.
    // NOTE(review): the code is stored exactly as it is mailed. Storing only a hash of it would
    // keep a database read from yielding usable reset links; that needs a matching change in
    // the page that consumes the code.
    $stmt = $db->prepare("REPLACE INTO email_verifications (user_id, email, verification_code, expires_at, purpose) VALUES (?, ?, ?, ?, 'password_reset')");
    $stmt->bind_param("isss", $user_id, $email, $verification_code, $expires_at);
    // The return value of execute() is not checked, so a failed write goes unnoticed here.
    $stmt->execute();
    $stmt->close();

    // Send password reset email via AWS SES
    // NOTE(review): the client is built from a static access key/secret held in $config.
    // Where the host supports it, role-based credentials avoid keeping long-lived keys in
    // application configuration.
    $sesClient = new SesClient([
        'version' => 'latest',
        'region' => $config['aws']['ses']['region'],
        'credentials' => [
            'key' => $config['aws']['ses']['access_key'],
            'secret' => $config['aws']['ses']['secret_key'],
        ]
    ]);

    $sender_email = $config['aws']['ses']['sender_email'];
    $recipient_email = $email;
    $subject = "Password Reset Request";
    // The link base comes from configuration ($config['app']['url']), not from request data.
    // NOTE(review): the code travels in the query string, so it can end up in access logs,
    // browser history and Referer headers. The landing page should be reviewed with that in
    // mind (single-use codes, a restrictive Referrer-Policy).
    $reset_link = $config['app']['url'] . "/password-reset.php?code={$verification_code}";
    $body_text = "You have requested to reset your password. Please click the link below to reset your password:\n\n";
    // The literal below contains a raw line break inside the quotes; it is part of the mail body.
    $body_text .= "{$reset_link}\n\nIf you did not request this, please ignore this email. 
This link will expire in 15 minutes.";

    try {
        // Plain-text message only; $result is reassigned here but not read again in the visible code.
        $result = $sesClient->sendEmail([
            'Destination' => [
                'ToAddresses' => [$recipient_email],
            ],
            'ReplyToAddresses' => [$sender_email],
            'Source' => $sender_email,
            'Message' => [
                'Body' => [
                    'Text' => [
                        'Charset' => 'UTF-8',
                        'Data' => $body_text,
                    ],
                ],
                'Subject' => [
                    'Charset' => 'UTF-8',
                    'Data' => $subject,
                ],
            ],
        ]);
    } catch (AwsException $e) {
        // Optionally log the error without disclosing details to the user.
        // NOTE(review): as written the exception is swallowed, so a failed send leaves no
        // trace for operators. Recording the failure server-side (without the recipient
        // address or the code) keeps the user-facing response uniform while making delivery
        // problems visible.
    }
}

// Redirect and stop, so the template below is not rendered for this request.
header("Location: forgot-password.php");
exit;
// Closes a block that was opened before the visible part of the file.
}

require_once 'includes/header.php';
?>
' . htmlspecialchars($_SESSION['error']) . '
'; unset($_SESSION['error']); } if(isset($_SESSION['success'])) { echo ''; unset($_SESSION['success']); } ?>

Forgot Password