-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathforgot_password.php
53 lines (37 loc) · 1.61 KB
/
forgot_password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<?php
if ($_SESSION['auth']) {
header('Location: /account');
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$message = "We've sent an email to that inbox if we find an associated account.";
$sql = "SELECT * FROM accounts WHERE email = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$_POST['email']]);
$user = $stmt->fetch();
if ($user != null) { // account exists
// create a password reset
$password_reset_link = create_password_reset($user['id']);
$safe_display_name = get_display_name($user['id'], use_bcid_fallback: true);
try {
$resend->emails->send([
'from' => 'ByeCorps ID <noreply@id.byecorps.com>',
'to' => [$safe_display_name . "<" . $user['email']. ">"],
'subject' => 'Reset your password',
'text' => 'Hey there '.$safe_display_name.'! Here is that password reset you requested. Just click the following link and you\'ll be sorted:
'.$password_reset_link.'
This link expires in 5 minutes.
If you did not request this password reset, please ignore this email.']);
// echo("<a href='$password_reset_link'>This is a security issue.</a>");
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: $e";
}
}
}
?>
<h1>Forgot password</h1>
<?php if(isset($message)) echo "<p>".$message."</p>"; ?>
<p>Forgot your password? We'll email you to reset it.</p>
<form method="post">
<input placeholder="a.dent@squornshellous.cloud" name="email" id="email" type="email">
<button type="submit">Request password reset</button>
</form>