pguzman/Rosary
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4507ef4e2bcaf6ad2b710d92e50f1ed18719e31
Rosary/forgot_password.php
T
pguzman 663fde3909 Initial commit — Rosary Presenter App 
Full source for loveandrosary.com: slide-based Rosary/novena/Divine Mercy
Chaplet presentation tool with multi-user roles, SVG bead ring, audio uploads,
donate strip, and public session profiles.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 18:44:08 -07:00

86 lines
3.8 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/config/db.php';
require_once __DIR__ . '/includes/mailer.php';
$sent = false;
$site_name = get_setting('site_name', APP_NAME);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = trim($_POST['email'] ?? '');
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$pdo = get_pdo();
$stmt = $pdo->prepare('SELECT id, display_name, username FROM users WHERE email = ? LIMIT 1');
$stmt->execute([$email]);
$user = $stmt->fetch();
if ($user) {
$token = bin2hex(random_bytes(32));
$expires = date('Y-m-d H:i:s', strtotime('+1 hour'));
$pdo->prepare('UPDATE users SET reset_token = ?, reset_expires = ? WHERE id = ?')
->execute([$token, $expires, $user['id']]);
$site_url = rtrim(get_setting('site_url'), '/');
$link = $site_url . '/reset-password?token=' . urlencode($token);
$name = $user['display_name'] ?: $user['username'];
$body_html = "
<h2 style='margin-top:0;color:#1e3a5f'>Reset your password</h2>
<p>Hello, <strong>" . htmlspecialchars($name) . "</strong>!</p>
<p>We received a request to reset your password for your {$site_name} account.</p>
<p style='text-align:center;margin:28px 0'>
<a href='" . htmlspecialchars($link) . "' style='display:inline-block;background:#1e3a5f;color:#fff;padding:12px 28px;border-radius:6px;text-decoration:none;font-weight:600'>Reset Password</a>
</p>
<p style='color:#6b7280;font-size:13px'>This link expires in 1 hour.</p>
<p style='color:#6b7280;font-size:13px'>Or copy this link: " . htmlspecialchars($link) . "</p>
<p style='color:#6b7280;font-size:13px'>If you did not request a password reset, ignore this email.</p>
";
$html = email_template('Reset your password — ' . $site_name, $body_html);
send_email($email, $name, 'Reset your password — ' . $site_name, $html);
}
// Always show success to prevent email enumeration
}
$sent = true;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" type="image/svg+xml" href="<?= BASE_URL ?>/favicon.svg">
<title>Forgot Password — <?= htmlspecialchars($site_name) ?></title>
<link rel="stylesheet" href="<?= BASE_URL ?>/assets/css/setup.css">
</head>
<body class="login-page">
<div class="login-box">
<h1>&#x271D; <?= htmlspecialchars($site_name) ?></h1>
<h2>Forgot Password</h2>
<?php if ($sent): ?>
<div class="alert alert-success">
If that email address exists in our system, you'll receive a password reset link shortly. Check your inbox.
</div>
<div style="margin-top:20px;text-align:center">
<a href="<?= BASE_URL ?>/login" class="btn btn-ghost">Back to Login</a>
</div>
<?php else: ?>
<p style="color:#6b7280;margin-bottom:20px;font-size:14px">
Enter your email address and we'll send you a link to reset your password.
</p>
<form method="post" action="<?= BASE_URL ?>/forgot-password">
<div class="form-group">
<label for="email">Email Address</label>
<input type="email" id="email" name="email" autofocus required>
</div>
<button type="submit" class="btn btn-primary btn-full">Send Reset Link</button>
</form>
<div style="margin-top:20px;text-align:center;font-size:14px">
<a href="<?= BASE_URL ?>/login" style="color:#1e3a5f">Back to Login</a>
</div>
<?php endif; ?>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink