ホーム エクスプローラ ヘルプ
登録 サインイン
benjamin.harris
/
soil-report-ai
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: c900478fa1
ブランチ タグ
soil-report-ai
/
login
/
forgot-password.php

forgot-password.php 4.2 KB
履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. <?php
    2. 

  2. require_once __DIR__ . '/../config/database.php';
    3. 

  3. require_once __DIR__ . '/../lib/auth.php';
    4. 

  4. require_once __DIR__ . '/../lib/csrf.php';
    5. 

  5. 

  6. if (isLoggedIn()) {
    7. 

  7.     header('Location: /dashboard/dashboard.php');
    8. 

  8.     exit;
    9. 

  9. }
    10. 

  10. 

  11. $sent  = false;
    12. 

  12. $error = '';
    13. 

  13. 

  14. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    15. 

  15.     if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
    16. 

  16.         $error = 'Invalid request. Please try again.';
    17. 

  17.     } else {
    18. 

  18.         $email = trim($_POST['email'] ?? '');
    19. 

  19. 

  20.         if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
    21. 

  21.             $error = 'Please enter a valid email address.';
    22. 

  22.         } else {
    23. 

  23.             // createPasswordResetToken returns null if email not found,
    24. 

  24.             // but we show the same success message to avoid email enumeration.
    25. 

  25.             $token = createPasswordResetToken($email);
    26. 

  26. 

  27.             if ($token !== null) {
    28. 

  28.                 // TODO: send email with reset link.
    29. 

  29.                 // Reset link: /login/reset-password.php?token={$token}
    30. 

  30.                 // Until SMTP is configured, the token is logged for development.
    31. 

  31.                 error_log("Password reset token for {$email}: {$token}");
    32. 

  32.             }
    33. 

  33. 

  34.             $sent = true; // Always show success to prevent email enumeration
    35. 

  35.         }
    36. 

  36.     }
    37. 

  37. }
    38. 

  38. 

  39. $pageTitle = 'Forgot Password';
    40. 

  40. include __DIR__ . '/_head.php';
    41. 

  41. ?>
    42. 

  42. 

  43. <div class="container">
    44. 

  44.     <div class="row justify-content-center">
    45. 

  45.         <div class="col-xl-10 col-lg-12 col-md-9">
    46. 

  46.             <div class="card o-hidden border-0 shadow-lg my-5">
    47. 

  47.                 <div class="card-body p-0">
    48. 

  48.                     <div class="row">
    49. 

  49.                         <div class="col-lg-6 d-none d-lg-block bg-login-image"></div>
    50. 

  50.                         <div class="col-lg-6">
    51. 

  51.                             <div class="p-5">
    52. 

  52.                                 <div class="text-center mb-4">
    53. 

  53.                                     <h1 class="h4 text-gray-900">Forgot Your Password?</h1>
    54. 

  54.                                     <p class="text-muted small">Enter your email and we'll send you a reset link.</p>
    55. 

  55.                                 </div>
    56. 

  56. 

  57.                                 <?php if ($sent): ?>
    58. 

  58.                                     <div class="alert alert-success" role="alert">
    59. 

  59.                                         If that email is registered, a reset link has been sent. Please check your inbox.
    60. 

  60.                                     </div>
    61. 

  61.                                 <?php else: ?>
    62. 

  62.                                     <?php if ($error !== ''): ?>
    63. 

  63.                                         <div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
    64. 

  64.                                     <?php endif; ?>
    65. 

  65. 

  66.                                     <form method="POST" action="/login/forgot-password.php" novalidate>
    67. 

  67.                                         <input type="hidden" name="csrf_token" value="<?= generateCsrfToken() ?>">
    68. 

  68.                                         <div class="mb-3">
    69. 

  69.                                             <input type="email" name="email" class="form-control form-control-user"
    70. 

  70.                                                    placeholder="Email Address" required autofocus
    71. 

  71.                                                    value="<?= htmlspecialchars($_POST['email'] ?? '', ENT_QUOTES, 'UTF-8') ?>">
    72. 

  72.                                         </div>
    73. 

  73.                                         <button type="submit" class="btn btn-success btn-user btn-block w-100 mb-3">
    74. 

  74.                                             Send Reset Link
    75. 

  75.                                         </button>
    76. 

  76.                                     </form>
    77. 

  77.                                 <?php endif; ?>
    78. 

  78. 

  79.                                 <hr>
    80. 

  80.                                 <div class="text-center">
    81. 

  81.                                     <a class="small" href="/login/register.php">Create an Account!</a>
    82. 

  82.                                 </div>
    83. 

  83.                                 <div class="text-center">
    84. 

  84.                                     <a class="small" href="/login/login.php">Already have an account? Login!</a>
    85. 

  85.                                 </div>
    86. 

  86.                             </div>
    87. 

  87.                         </div>
    88. 

  88.                     </div>
    89. 

  89.                 </div>
    90. 

  90.             </div>
    91. 

  91.         </div>
    92. 

  92.     </div>
    93. 

  93. </div>
    94. 

  94. 

  95. <?php include __DIR__ . '/_foot.php'; ?>
    96.