id/forgot_password.php

53 lines
1.6 KiB
PHP
Raw Normal View History

2023-11-10 21:19:08 +00:00
<?php
2023-11-06 16:38:18 +00:00
2023-11-19 12:24:38 +00:00
if ($_SESSION['auth']) {
2023-11-06 16:38:18 +00:00
header('Location: /account');
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$message = "We've sent an email to that inbox if we find an associated account.";
$sql = "SELECT * FROM accounts WHERE email = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$_POST['email']]);
$user = $stmt->fetch();
if ($user != null) { // account exists
2023-11-10 21:19:08 +00:00
// create a password reset
$password_reset_link = create_password_reset($user['id']);
2024-02-20 19:49:42 +00:00
$safe_display_name = get_display_name($user['id'], use_bcid_fallback: true);
2023-11-10 21:19:08 +00:00
try {
2024-02-17 12:04:47 +00:00
$resend->emails->send([
'from' => 'ByeCorps ID <noreply@id.byecorps.com>',
'to' => [$safe_display_name . "<" . $user['email']. ">"],
'subject' => 'Reset your password',
'text' => 'Hey there '.$safe_display_name.'! Here is that password reset you requested. Just click the following link and you\'ll be sorted:
2023-11-10 21:19:08 +00:00
'.$password_reset_link.'
2024-02-17 12:04:47 +00:00
This link expires in 5 minutes.
If you did not request this password reset, please ignore it (or tighten your account\'s security)']);
// echo("<a href='$password_reset_link'>This is a security issue.</a>");
2023-11-10 21:19:08 +00:00
} catch (Exception $e) {
2024-02-20 19:49:42 +00:00
echo "Message could not be sent. Mailer Error: $e";
2023-11-10 21:19:08 +00:00
}
2023-11-06 16:38:18 +00:00
}
}
?>
<h1>Forgot password</h1>
<?php if(isset($message)) echo "<p>".$message."</p>"; ?>
2024-02-17 12:04:47 +00:00
<p>Forgot your password? We'll email you to reset it.</p>
2023-11-06 16:38:18 +00:00
<form method="post">
<input placeholder="a.dent@squornshellous.cloud" name="email" id="email" type="email">
<button type="submit">Request password reset</button>
</form>