prepare('SELECT id, display_name, username FROM users WHERE email = ? LIMIT 1'); $stmt->execute([$email]); $user = $stmt->fetch(); if ($user) { $token = bin2hex(random_bytes(32)); $expires = date('Y-m-d H:i:s', strtotime('+1 hour')); $pdo->prepare('UPDATE users SET reset_token = ?, reset_expires = ? WHERE id = ?') ->execute([$token, $expires, $user['id']]); $site_url = rtrim(get_setting('site_url'), '/'); $link = $site_url . '/reset-password?token=' . urlencode($token); $name = $user['display_name'] ?: $user['username']; $body_html = "

Reset your password

Hello, " . htmlspecialchars($name) . "!

We received a request to reset your password for your {$site_name} account.

Reset Password

This link expires in 1 hour.

Or copy this link: " . htmlspecialchars($link) . "

If you did not request a password reset, ignore this email.

"; $html = email_template('Reset your password — ' . $site_name, $body_html); send_email($email, $name, 'Reset your password — ' . $site_name, $html); } // Always show success to prevent email enumeration } $sent = true; } ?> Forgot Password — <?= htmlspecialchars($site_name) ?>

✝

Forgot Password

If that email address exists in our system, you'll receive a password reset link shortly. Check your inbox.

Back to Login

Enter your email address and we'll send you a link to reset your password.

Back to Login