prepare("SELECT id, full_name, email FROM users WHERE email = ?"); $stmt->execute([$email]); $user = $stmt->fetch(); if ($user) { // Generate reset token (expires in 10 minutes) $resetToken = bin2hex(random_bytes(32)); $expiresAt = date('Y-m-d H:i:s', strtotime('+10 minutes')); // Store reset token $stmt = $db->prepare(" INSERT INTO password_resets (user_id, token, expires_at, created_at) VALUES (?, ?, ?, NOW()) ON DUPLICATE KEY UPDATE token = ?, expires_at = ?, created_at = NOW() "); $stmt->execute([$user['id'], $resetToken, $expiresAt, $resetToken, $expiresAt]); // Send reset email $result = sendPasswordResetEmail($user['email'], $user['full_name'], $resetToken); if ($result['success']) { $message = 'Password reset instructions have been sent to your email address.'; $messageType = 'success'; $showForm = false; } else { $message = 'Failed to send email. Please try again later.'; $messageType = 'error'; } } else { // Don't reveal if email exists or not for security $message = 'If an account with that email exists, you will receive password reset instructions.'; $messageType = 'success'; $showForm = false; } } else { $message = 'Please enter a valid email address.'; $messageType = 'error'; } } $pageTitle = 'Forgot Password'; include 'includes/header.php'; ?>

🔐

Forgot Password?

No worries, we'll send you reset instructions

📧

Check your inbox for the password reset link. The link will expire in 10 minutes.

Back to Home

← Back to Login