prepare("SELECT id, username, email FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$user = $result->fetch_assoc();
// Generate OTP
$otp = sprintf("%06d", mt_rand(1, 999999));
$otp_expiry = date('Y-m-d H:i:s', strtotime('+10 minutes'));
// Update user with OTP
$update_stmt = $conn->prepare("UPDATE users SET otp = ?, otp_expiry = ? WHERE id = ?");
$update_stmt->bind_param("ssi", $otp, $otp_expiry, $user['id']);
if ($update_stmt->execute()) {
// Send OTP via email
$mail = new PHPMailer(true);
try {
// Server settings
$mail->isSMTP();
$mail->Host = 'ecogenix.in';
$mail->SMTPAuth = true;
$mail->Username = 'no-reply@ecogenix.in';
$mail->Password = 'freeDOM@611#';
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = 587;
// Recipients
$mail->setFrom('no-reply@ecogenix.in', 'ECOGENIX - Reset Password');
$mail->addAddress($user['email'], $user['username']);
// Content
$mail->isHTML(true);
$mail->Subject = 'Password Reset OTP - ECOGENIX';
$mail->Body = "
Password Reset Request
Hi {$user['username']},
You have requested to reset your password. Please use the following OTP to verify your identity:
{$otp}
Important: This OTP will expire in 10 minutes.
If you didn't request this password reset, please ignore this email.
This is an automated email from ECOGENIX. Please do not reply to this email.
";
$mail->send();
// Set session variables
$_SESSION['otp_user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['email'] = $user['email'];
$_SESSION['otp_sent'] = true;
$message = "OTP has been sent to your email address. Please check your inbox.";
$step = 2;
} catch (Exception $e) {
$error = "Failed to send OTP. Please try again later.";
}
} else {
$error = "Failed to generate OTP. Please try again.";
}
} else {
$error = "No account found with this email address.";
}
}
}
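// Step 2: Verify OTP
// Compares the submitted code with the one stored for the user held in the session.
// On success the session is marked verified so the password form (step 3) is allowed;
// an expired code is cleared from the row and the flow restarts at step 1.
elseif (isset($_POST['verify_otp'])) {
    // `?? ''` avoids an undefined-index warning when the field is absent from the request.
    $entered_otp = trim((string) ($_POST['otp'] ?? ''));
    if ($entered_otp === '') {
        $error = "Please enter the OTP.";
    } elseif (!isset($_SESSION['otp_user_id'])) {
        $error = "Session expired. Please start over.";
        // session_destroy() does not clear the in-memory $_SESSION array; reset it explicitly.
        $_SESSION = [];
        session_destroy();
        header("Location: " . $_SERVER['PHP_SELF']);
        exit;
    } else {
        // Verify OTP
        $otp_user_id = $_SESSION['otp_user_id'];
        $stmt = $conn->prepare("SELECT otp, otp_expiry FROM users WHERE id = ?");
        $stmt->bind_param("i", $otp_user_id);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result->num_rows > 0) {
            $user_data = $result->fetch_assoc();
            // NOTE(review): no attempt counter is visible in this branch; a 6-digit code that
            // stays valid for 10 minutes should be bounded by a per-user attempt limit or
            // lockout — confirm whether one exists elsewhere (e.g. in the request layer).
            // The column holds the code in clear text; a NULL (no pending reset) compares as
            // "invalid" rather than matching anything.
            $stored_otp = (string) ($user_data['otp'] ?? '');
            // hash_equals() gives a constant-time comparison so response timing does not
            // leak how many leading characters of the guess were right.
            if ($stored_otp !== '' && hash_equals($stored_otp, $entered_otp)) {
                // A NULL or unparsable expiry is treated as already expired.
                $expiry_ts = $user_data['otp_expiry'] !== null
                    ? strtotime((string) $user_data['otp_expiry'])
                    : false;
                if ($expiry_ts !== false && $expiry_ts > time()) {
                    $_SESSION['otp_verified'] = true;
                    $message = "OTP verified successfully. Please enter your new password.";
                    $step = 3;
                } else {
                    $error = "OTP has expired. Please request a new one.";
                    // Clear expired OTP
                    $clear_stmt = $conn->prepare("UPDATE users SET otp = NULL, otp_expiry = NULL WHERE id = ?");
                    $clear_stmt->bind_param("i", $otp_user_id);
                    $clear_stmt->execute();
                    $_SESSION = [];
                    session_destroy();
                    $step = 1;
                }
            } else {
                $error = "Invalid OTP. Please try again.";
            }
        } else {
            $error = "User not found. Please start over.";
            $_SESSION = [];
            session_destroy();
            $step = 1;
        }
    }
}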
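// Step 3: Reset Password
// Stores a new password hash for the user whose OTP was verified in step 2, then
// clears the pending code and ends the reset session.
elseif (isset($_POST['reset_password'])) {
    // `?? ''` avoids undefined-index warnings when a field is absent from the request.
    // NOTE(review): trim() silently strips leading/trailing whitespace from the chosen
    // password — confirm the login handler does the same, otherwise such a password
    // cannot be used to sign in.
    $new_password = trim((string) ($_POST['new_password'] ?? ''));
    $confirm_password = trim((string) ($_POST['confirm_password'] ?? ''));
    // Authorisation is checked before any password validation: a request that is not
    // tied to a verified OTP session is rejected regardless of what it submitted.
    if (!isset($_SESSION['otp_user_id']) || !isset($_SESSION['otp_verified'])) {
        $error = "Session expired. Please start over.";
        // session_destroy() does not clear the in-memory $_SESSION array; reset it explicitly.
        $_SESSION = [];
        session_destroy();
        header("Location: " . $_SERVER['PHP_SELF']);
        exit;
    } elseif ($new_password === '' || $confirm_password === '') {
        // Explicit '' check instead of empty(): empty("0") is true and would misreport
        // a non-empty field as missing.
        $error = "Please fill in both password fields.";
    } elseif (strlen($new_password) < 6) {
        // strlen() counts bytes, not characters; the 6 here is the policy minimum
        // currently enforced. NOTE(review): bcrypt (PASSWORD_DEFAULT) ignores input
        // beyond 72 bytes — an upper bound is not enforced here.
        $error = "Password must be at least 6 characters long.";
    } elseif ($new_password !== $confirm_password) {
        $error = "Passwords do not match.";
    } else {
        // Update password
        $otp_user_id = $_SESSION['otp_user_id'];
        $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
        // Clearing otp/otp_expiry in the same statement ensures the code cannot be
        // reused after the password has changed.
        $stmt = $conn->prepare("UPDATE users SET password = ?, otp = NULL, otp_expiry = NULL WHERE id = ?");
        $stmt->bind_param("si", $hashed_password, $otp_user_id);
        if ($stmt->execute()) {
            $message = "Password reset successfully! You can now log in with your new password.";
            $_SESSION = [];
            session_destroy();
            // Redirect to login page after 3 seconds
            // (the redirect markup this echo carried appears to be stripped in this copy of the file)
            echo "";
        } else {
            $error = "Failed to update password. Please try again.";
        }
    }
}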
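// Resend OTP
// Issues a fresh code for the user already held in the session, stores it with a new
// 10-minute expiry and e-mails it. Each failure path sets $error so the user is told
// why nothing arrived (the original fell through silently).
elseif (isset($_POST['resend_otp'])) {
    if (isset($_SESSION['otp_user_id'])) {
        $user_id = $_SESSION['otp_user_id'];
        // Get user data
        $stmt = $conn->prepare("SELECT username, email FROM users WHERE id = ?");
        $stmt->bind_param("i", $user_id);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result->num_rows > 0) {
            $user = $result->fetch_assoc();
            // Generate new OTP
            // random_int() is a CSPRNG; mt_rand() is predictable and must not be used
            // for a verification code.
            $otp = sprintf("%06d", random_int(1, 999999));
            $otp_expiry = date('Y-m-d H:i:s', strtotime('+10 minutes'));
            // Update user with new OTP
            $update_stmt = $conn->prepare("UPDATE users SET otp = ?, otp_expiry = ? WHERE id = ?");
            $update_stmt->bind_param("ssi", $otp, $otp_expiry, $user_id);
            if ($update_stmt->execute()) {
                // Send OTP via email
                $mail = new PHPMailer(true);
                try {
                    $mail->isSMTP();
                    $mail->Host = 'ecogenix.in';
                    $mail->SMTPAuth = true;
                    $mail->Username = 'no-reply@ecogenix.in';
                    // NOTE(review): SMTP credential embedded in source (also in the send_otp
                    // branch above); move it to configuration outside the web root and
                    // rotate it, since it is exposed wherever this file is readable.
                    $mail->Password = 'freeDOM@611#';
                    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
                    $mail->Port = 587;
                    $mail->setFrom('no-reply@ecogenix.in', 'ECOGENIX - Reset Password');
                    $mail->addAddress($user['email'], $user['username']);
                    $mail->isHTML(true);
                    $mail->Subject = 'Password Reset OTP - ECOGENIX (Resent)';
                    // The body is sent as HTML, so the username (stored data, origin not
                    // visible here) is escaped to stop markup injection into the message.
                    $safe_username = htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    $mail->Body = "
Password Reset Request (Resent)
Hi {$safe_username},
Here is your new OTP for password reset:
{$otp}
Important: This OTP will expire in 10 minutes.
";
                    $mail->send();
                    $message = "New OTP has been sent to your email address.";
                } catch (Exception $e) {
                    $error = "Failed to resend OTP. Please try again.";
                }
            } else {
                $error = "Failed to generate OTP. Please try again.";
            }
        } else {
            $error = "User not found. Please start over.";
        }
    } else {
        $error = "Session expired. Please start over.";
    }
}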
}
?>
Reset Password - ECOGENIX
Reset Password
Enter your email address
Enter the OTP sent to
Create your new password