prepare("SELECT id, username, email, password FROM users WHERE email = ?"); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); if ($user = $result->fetch_assoc()) { if (password_verify($password, $user['password'])) { // Generate secure OTP $otp = random_int(100000, 999999); $otpExpiry = date("Y-m-d H:i:s", strtotime('+10 minutes')); // Save OTP with prepared statement $updateStmt = $conn->prepare("UPDATE users SET otp = ?, otp_expiry = ? WHERE id = ?"); $updateStmt->bind_param("ssi", $otp, $otpExpiry, $user['id']); if ($updateStmt->execute()) { // Send OTP via PHPMailer $mail = new PHPMailer(true); try { // Server settings - Move to environment variables in production $mail->isSMTP(); $mail->Host = 'ecogenix.in'; $mail->SMTPAuth = true; $mail->Username = 'no-reply@ecogenix.in'; // TODO: Move password to environment variable $mail->Password = 'freeDOM@611#'; // This should be in $_ENV['SMTP_PASSWORD'] $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->Port = 587; // Recipients $mail->setFrom('no-reply@ecogenix.in', 'Ecogenix System'); $mail->addAddress($username); $mail->addReplyTo('no-reply@ecogenix.in', 'Ecogenix System'); // Content $mail->isHTML(true); $mail->Subject = 'Your OTP Code - Ecogenix'; $mail->Body = "

Ecogenix Login Verification

Hi " . htmlspecialchars($user['username']) . ",

Your One-Time Password (OTP) for login verification is:

$otp

Important: This OTP will expire in 10 minutes.

If you didn't request this login, please ignore this email and ensure your account is secure.

This is an automated message. Please do not reply to this email.

"; if ($mail->send()) { // Store user info in session for OTP verification $_SESSION['otp_user_id'] = $user['id']; $_SESSION['temp_username'] = $user['username']; $_SESSION['temp_email'] = $user['email']; $_SESSION['otp_timestamp'] = time(); header("Location: verify_otp.php"); exit; } else { $error_message = "Failed to send OTP. Please try again."; } } catch (Exception $e) { error_log("PHPMailer Error: " . $e->getMessage()); $error_message = "Unable to send OTP at this time. Please try again later."; } } else { $error_message = "System error. Please try again."; } $updateStmt->close(); } else { $error_message = "Invalid email or password."; } } else { $error_message = "Invalid email or password."; } $stmt->close(); } catch (Exception $e) { error_log("Database Error: " . $e->getMessage()); $error_message = "System error. Please try again later."; } } } ?> Admin Login - ECOGENIX

ECOGENIX ADMIN

Forgot Password?

🔒 Secure login with two-factor authentication