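<?php
// forgot_password.php — takes an email address, stores a one-hour reset token for
// the matching active user and mails a link to reset_password.php (not in this file).
session_start();

// Database, SITE_URL and SITE_NAME are defined by these includes.
include_once 'config/database.php';
include_once 'config/config.php';

// A user who is already signed in is sent to their role's landing page instead.
if (isset($_SESSION['user_id'])) {
    switch ($_SESSION['user_role'] ?? '') {
        case 'Admin':
            header('Location: admin/menu_management.php');
            break;
        case 'Kitchen':
            header('Location: kitchen/dashboard.php');
            break;
        case 'Waiter':
            header('Location: admin/table_management.php');
            break;
        default:
            // Unknown or missing role: drop the session rather than guess a destination.
            session_destroy();
    }
    exit();
}

$message = '';
$message_type = '';

// The same response is shown whether the address was found, not found, or the
// mail could not be sent, so the page does not reveal which addresses have accounts.
// (Previously three different texts were shown, which defeated the intent of the
// "don't reveal" comment on the not-found branch.)
$generic_response = 'If your email exists in our system, you will receive reset instructions.';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (empty($_POST['email'])) {
        $message = 'Please enter your email address';
        $message_type = 'danger';
    } else {
        $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
        // FILTER_VALIDATE_EMAIL rejects CR/LF and whitespace, so a value that passes
        // here is safe to hand to mail() as the recipient (no header injection via $to).
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $message = 'Please enter a valid email address';
            $message_type = 'danger';
        } else {
            $database = new Database();
            $db = $database->getConnection();
            try {
                // fetch() is used instead of rowCount(): PDO does not guarantee a row
                // count for SELECT statements on every driver.
                $stmt = $db->prepare(
                    'SELECT id, username, name FROM users WHERE email = :email AND is_active = TRUE'
                );
                $stmt->bindParam(':email', $email);
                $stmt->execute();
                $user = $stmt->fetch(PDO::FETCH_ASSOC);

                if ($user !== false) {
                    // 32 CSPRNG bytes -> 64 hex characters.
                    $token = bin2hex(random_bytes(32));
                    // NOTE(review): computed in PHP's timezone; reset_password.php compares it
                    // against the column — confirm the DB session uses the same zone.
                    $expires = date('Y-m-d H:i:s', time() + 3600); // 1 hour expiration

                    // The raw token is stored because reset_password.php looks it up directly;
                    // storing only a hash of it would limit the damage of a DB read, but that
                    // change has to be made in both files together.
                    // Each new request overwrites the previous token, invalidating earlier links.
                    $update_stmt = $db->prepare(
                        'UPDATE users SET reset_token = :token, reset_token_expires = :expires WHERE id = :id'
                    );
                    $update_stmt->bindParam(':token', $token);
                    $update_stmt->bindParam(':expires', $expires);
                    $update_stmt->bindParam(':id', $user['id']);
                    $update_stmt->execute();

                    $reset_link = SITE_URL . '/reset_password.php?token=' . $token;

                    $to = $email;
                    $subject = SITE_NAME . ' - Password Reset Request';
                    $message_body = "Hello " . $user['name'] . ",\n\n";
                    $message_body .= "We received a request to reset your password at " . SITE_NAME . ".\n\n";
                    $message_body .= "Please click the link below or copy it to your browser to reset your password:\n";
                    $message_body .= $reset_link . "\n\n";
                    $message_body .= "This link will expire in 1 hour.\n\n";
                    $message_body .= "If you did not request a password reset, please ignore this email.\n\n";
                    $message_body .= "Regards,\n";
                    $message_body .= SITE_NAME . " Team";
                    // NOTE(review): under some server configurations SERVER_NAME is taken from the
                    // request's Host header; a configured sender domain would be more predictable.
                    $headers = "From: noreply@" . $_SERVER['SERVER_NAME'];

                    if (!mail($to, $subject, $message_body, $headers)) {
                        // Log for the operator; the user-facing text stays identical to the
                        // not-found case on purpose.
                        error_log('Password reset mail() failed for user id ' . $user['id']);
                    }
                }

                // NOTE(review): there is no throttle per address or client here, so repeated
                // POSTs keep regenerating tokens and sending mail — worth adding upstream.
                $message = $generic_response;
                $message_type = 'success';
            } catch (PDOException $e) {
                $message = 'An error occurred. Please try again later.';
                $message_type = 'danger';
                // Detail goes to the server log only, never to the response.
                error_log('Password reset request error: ' . $e->getMessage());
            }
        }
    }
}
?>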
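<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Every PHP value placed into markup goes through htmlspecialchars(); the messages
         are fixed strings today, but escaping at the output point keeps that true if they
         are ever built from input. -->
    <title>Forgot Password - <?php echo htmlspecialchars(SITE_NAME, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></title>
    <!-- Bootstrap CSS -->
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body {
            background-color: #f0e4d7; /* Light beige background */
            height: 100vh;
            display: flex;
            align-items: center;
            justify-content: center;
            padding: 20px;
        }
        .form-signin {
            width: 100%;
            max-width: 400px; /* Adjusted width */
            padding: 20px;
            background-color: #ffffff; /* White background for the form */
            border-radius: 15px; /* Rounded corners */
            box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.1); /* Subtle shadow */
        }
        .card-title {
            color: #7d5e55; /* Brownish text color for title */
        }
        .alert {
            border-radius: 8px; /* Rounded alert boxes */
        }
        .btn-primary {
            background-color: #7d5e55; /* Brown button color */
            border: none; /* Remove border */
        }
        .btn-primary:hover {
            background-color: #6c4b41; /* Slightly darker on hover */
        }
        .footer-text {
            color: #7d5e55; /* Brownish color for footer text */
        }
    </style>
</head>
<body>
    <main class="form-signin">
        <div class="card">
            <div class="card-body">
                <div class="text-center mb-4">
                    <h1 class="h3 mb-3 fw-normal card-title"><?php echo htmlspecialchars(SITE_NAME, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h1>
                    <h2 class="h5 mb-3 fw-normal">Reset Password</h2>
                </div>
                <?php if (!empty($message)): ?>
                    <!-- $message_type lands inside an attribute and $message inside element text;
                         both are escaped for their context. -->
                    <div class="alert alert-<?php echo htmlspecialchars($message_type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
                <?php endif; ?>
                <p class="mb-3">Enter your email address below and we'll send you instructions to reset your password.</p>
                <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                    <div class="form-floating mb-3">
                        <input type="email" class="form-control" id="email" name="email" placeholder="Email" required>
                        <label for="email">Email</label>
                    </div>
                    <button class="w-100 btn btn-lg btn-primary" type="submit">Send Reset Instructions</button>
                    <div class="text-center mt-3">
                        <a href="login.php" class="text-decoration-none">Back to Login</a>
                    </div>
                </form>
            </div>
        </div>
        <p class="mt-4 mb-3 text-muted text-center footer-text">© <?php echo date('Y'); ?> <?php echo htmlspecialchars(SITE_NAME, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
    </main>
    <!-- Bootstrap JS Bundle with Popper -->
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>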