cody/dj_mix_hosting_software
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dj_mix_hosting_software/forgot-password.php

121 lines
5 KiB
PHP
Raw Blame History

<?php
session_start();
require_once 'includes/globals.php';
require_once 'vendor/autoload.php';
use DJMixHosting\Database;
use Aws\Ses\SesClient;
use Aws\Exception\AwsException;
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['email'])) {
$email = trim($_POST['email']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['error'] = "Invalid email format.";
header("Location: forgot-password.php");
exit;
}
$db = new Database($config);
// Check if email exists in the system
$stmt = $db->prepare("SELECT id, username FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
$userData = $result->fetch_assoc();
$stmt->close();
// Always show a success message (to avoid disclosing which emails are registered)
$_SESSION['success'] = "If the email exists in our system, a password reset link has been sent.";
if ($userData) {
$user_id = $userData['id'];
// Generate a password reset verification code valid for 15 minutes
$verification_code = bin2hex(random_bytes(16));
$expires_at = date("Y-m-d H:i:s", strtotime("+15 minutes"));
// Insert a record with purpose 'password_reset'
$stmt = $db->prepare("REPLACE INTO email_verifications (user_id, email, verification_code, expires_at, purpose) VALUES (?, ?, ?, ?, 'password_reset')");
$stmt->bind_param("isss", $user_id, $email, $verification_code, $expires_at);
$stmt->execute();
$stmt->close();
// Send password reset email via AWS SES
$sesClient = new SesClient([
'version' => 'latest',
'region' => $config['aws']['ses']['region'],
'credentials' => [
'key' => $config['aws']['ses']['access_key'],
'secret' => $config['aws']['ses']['secret_key'],
]
]);
$sender_email = $config['aws']['ses']['sender_email'];
$recipient_email = $email;
$subject = "Password Reset Request";
$reset_link = $config['app']['url'] . "/password-reset.php?code={$verification_code}";
$body_text = "You have requested to reset your password. Please click the link below to reset your password:\n\n";
$body_text .= "{$reset_link}\n\nIf you did not request this, please ignore this email. This link will expire in 15 minutes.";
try {
$result = $sesClient->sendEmail([
'Destination' => [
'ToAddresses' => [$recipient_email],
],
'ReplyToAddresses' => [$sender_email],
'Source' => $sender_email,
'Message' => [
'Body' => [
'Text' => [
'Charset' => 'UTF-8',
'Data' => $body_text,
],
],
'Subject' => [
'Charset' => 'UTF-8',
'Data' => $subject,
],
],
]);
} catch (AwsException $e) {
// Optionally log the error without disclosing details to the user.
}
}
header("Location: forgot-password.php");
exit;
}
require_once 'includes/header.php';
?>
<section class="forgot-password-section py-5">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-5">
<?php
if(isset($_SESSION['error'])) {
echo '<div class="alert alert-danger alert-dismissible fade show mb-4" role="alert">' . htmlspecialchars($_SESSION['error']) . '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button></div>';
unset($_SESSION['error']);
}
if(isset($_SESSION['success'])) {
echo '<div class="alert alert-success alert-dismissible fade show mb-4" role="alert">' . htmlspecialchars($_SESSION['success']) . '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button></div>';
unset($_SESSION['success']);
}
?>
<div class="card shadow-sm border-0">
<div class="card-body p-4">
<h3 class="text-center mb-4">Forgot Password</h3>
<form action="forgot-password.php" method="post" class="needs-validation" novalidate>
<div class="mb-3">
<label for="email" class="form-label">Enter your email address</label>
<input type="email" class="form-control" id="email" name="email" required>
</div>
<button type="submit" class="btn btn-primary w-100">Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
</section>
<?php require_once 'includes/footer.php'; ?>
Reference in a new issue View git blame Copy permalink