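<?php
/*****************************************************************
 * Forgot‑password request (2025 UI, now accepts e‑mail *or*
 * username / phone)                                   © BestDealOn
 *
 * POST: look the identifier up, store a SHA‑256 hash of a fresh
 * random token with a 30‑minute expiry, e‑mail the raw token as a
 * reset link, and always show the same generic notice so the page
 * does not reveal whether an account exists.
 * GET / after POST: render the form.
 *****************************************************************/
declare(strict_types=1);

require_once __DIR__.'/lib/db.php';   // expected to provide $db (prepare()/execute()/fetch())
require_once __DIR__.'/lib/mail.php'; // expected to provide send_mail()

/* Hosts a reset link may point at.  The Host request header is attacker‑
 * controlled, so it is only honoured when it matches one of these values;
 * otherwise the first entry is used.  Entries are lower‑case and include the
 * port when a non‑default one is served.
 * TODO(deploy): replace the placeholder with the real site host(s). */
$allowedResetHosts = ['www.example.invalid'];

/**
 * Find the account a reset request refers to.
 *
 * The identifier is matched as an e‑mail address when it validates as one,
 * as a phone‑style username when it reduces to exactly 10 digits, and as a
 * plain username / handle otherwise.
 *
 * @param  object $db         prepared‑statement capable connection from lib/db.php
 * @param  string $identifier trimmed, non‑empty user input
 * @return array|null         the matching row (`id`, `email`) or null
 */
function find_reset_account($db, string $identifier): ?array
{
    if (filter_var($identifier, FILTER_VALIDATE_EMAIL) !== false) {
        $sql   = 'SELECT id, email FROM users WHERE email = ? LIMIT 1';
        $value = $identifier;
    } else {
        $digits = preg_replace('/\D/', '', $identifier);
        $sql    = 'SELECT id, email FROM users WHERE username = ? LIMIT 1';
        // Exactly 10 digits is treated as a phone number stored as the
        // username; anything else is matched as typed (handle / slug).
        $value  = strlen($digits) === 10 ? $digits : $identifier;
    }

    $stmt = $db->prepare($sql);
    $stmt->execute([$value]);
    $row = $stmt->fetch();

    return $row ?: null;
}

/**
 * Create a single‑use reset token for $userId.
 *
 * Only the SHA‑256 hash is stored; the raw token is returned so it can be
 * e‑mailed.  A database read of the table therefore does not yield usable
 * tokens.  Expiry is 30 minutes, enforced by the stored `expires` column.
 *
 * @param  object $db
 * @param  mixed  $userId value of the users.id column
 * @return string 64 hex characters
 */
function issue_reset_token($db, $userId): string
{
    $token = bin2hex(random_bytes(32)); // 64‑char, CSPRNG
    $db->prepare('INSERT INTO password_resets (user_id, token, expires) VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 30 MINUTE))')
       ->execute([$userId, hash('sha256', $token)]);

    return $token;
}

/**
 * Pick the host for the reset link.
 *
 * Using the Host header unchecked would let a forged request steer a
 * victim's reset link (and token) to a third‑party domain, so the header is
 * only used when it is on the allow‑list; otherwise the canonical first
 * entry is returned.
 *
 * @param list<string> $allowedHosts lower‑case hosts, first is canonical
 * @param string|null  $requestHost  raw Host header, if any
 */
function reset_link_host(array $allowedHosts, ?string $requestHost): string
{
    $candidate = strtolower((string) $requestHost);

    return in_array($candidate, $allowedHosts, true) ? $candidate : $allowedHosts[0];
}

$msg = $err = '';

/* --------------------------------------------------------------
   1. Handle POST
   ----------------------------------------------------------------*/
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A client can post user[]=…, which is an array; treat that as empty
    // instead of letting trim() throw a TypeError.
    $posted = $_POST['user'] ?? '';
    $raw    = is_string($posted) ? trim($posted) : '';

    // NOTE(review): nothing here limits request rate; per‑IP / per‑account
    // throttling belongs in front of this handler.
    $u = $raw === '' ? null : find_reset_account($db, $raw);

    if ($u !== null) {
        $token = issue_reset_token($db, $u['id']);

        $scheme = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
        $host   = reset_link_host($allowedResetHosts, $_SERVER['HTTP_HOST'] ?? null);
        $path   = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/'); // directory where *this* file lives
        // If you keep all member pages inside /members/, force that path;
        // otherwise comment the next line and rely on $path above.
        $path = '/members';

        $link = "{$scheme}://{$host}{$path}/reset.php?t={$token}";

        // send_mail()'s return value is not inspected here — confirm in
        // lib/mail.php whether it reports delivery failure.
        send_mail(
            $u['email'],
            'Password reset',
            "Click the link below to reset your BestDealOn password.\n\n$link\n\n"
            ."This link expires in 30 minutes."
        );
    }

    /* Always display the generic notice, whether or not a row matched */
    $msg = 'If the account exists, a reset link has been sent. '
         .'Check your inbox and spam folder.';
}

/* --------------------------------------------------------------
   2. Page
   ----------------------------------------------------------------*/
?><!doctype html>
<meta charset="utf-8">
<title>Reset your BestDealOn password</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<style>
:root{
  --brand:#0066ff;--bg:#f9fbff;--fg:#111;--error:#d91c31;--ok:#0e8a34;
  font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica,Arial,sans-serif
}
*{box-sizing:border-box}
body{margin:0;display:flex;min-height:100vh;align-items:center;justify-content:center;background:var(--bg);color:var(--fg)}
.card{width:clamp(320px,92vw,420px);background:#fff;padding:2.2rem;border-radius:12px;box-shadow:0 6px 24px rgba(0,0,0,.07)}
h1{text-align:center;font-size:1.6rem;margin:.2rem 0 1.2rem}
label{display:block;margin:.9rem 0 .25rem;font-weight:600}
input,button{width:100%;padding:.65rem .75rem;border:1px solid #ccd2e2;border-radius:8px;font:inherit}
input:focus{border-color:var(--brand);outline:none;box-shadow:0 0 0 2px #e5eeff}
button{margin-top:1.3rem;background:var(--brand);color:#fff;font-weight:600;border:none;cursor:pointer}
button:hover{filter:brightness(1.08)}
.alert{padding:.9rem 1rem;border-radius:8px;margin-bottom:1.1rem}
.error{background:#ffe1e1;color:var(--error);border:1px solid #f2bcbc}
.ok{background:#e6f9ee;color:var(--ok);border:1px solid #bee9cc}
.small{font-size:.85rem;text-align:center;margin-top:1.1rem}
@media(prefers-color-scheme:dark){
  :root{--bg:#0d1117;--fg:#e6edf3;--brand:#2f81f7;--error:#ff6e6e}
  .card{background:#161b22;box-shadow:0 4px 14px rgba(0,0,0,.6)}
  input{background:#0d1117;color:var(--fg);border-color:#30363d}
}
</style>
<body>
<main class="card">
  <h1>Forgot your password?</h1>
  <p style="text-align:center">
    Enter the <strong>e‑mail</strong>, <strong>username</strong><br>
    or 10‑digit <strong>phone</strong> you used at sign‑up.
  </p>

  <?php /* $err is reserved for validation errors; nothing sets it yet */ ?>
  <?php if ($err): ?><div class="alert error"><?= htmlspecialchars($err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div><?php endif ?>
  <?php if ($msg): ?><div class="alert ok"><?= htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div><?php endif ?>

  <form method="post" novalidate>
    <label for="u">E‑mail / Username / Phone</label>
    <?php // Re‑echo the submitted value into a quoted attribute; ENT_QUOTES covers both quote styles ?>
    <input id="u" name="user" required
           placeholder="you@example.com or @handle or 7276101188"
           value="<?= htmlspecialchars(is_string($_POST['user'] ?? null) ? $_POST['user'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
    <button>Send reset link</button>
  </form>

  <p class="small"><a href="/members/login.php">Back to log in</a></p>
</main>
</body>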