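<?php
/**
 * Three-step password reset: e-mail address -> e-mailed OTP -> new password.
 *
 * Flow state is kept in the PHP session under these keys:
 *   otp_user_id    users.id being reset; 0 marks a decoy flow for an unknown address
 *   otp_sent       true once step 1 completed
 *   otp_verified   true once step 2 completed
 *   otp_attempts   wrong guesses against the current OTP
 *   otp_issued_at  unix time the last OTP was issued (resend cool-down)
 *   otp_email      address shown (masked) on the OTP form
 *   csrf_token     token every form on this page must echo back
 *
 * Requires $conn (mysqli: prepare/bind_param/get_result are used) from
 * includes/connection.php and PHPMailer via Composer. maskEmail() is defined
 * further down in this file.
 */
session_start();
// The page shows account-specific state; never let a shared cache keep it.
header('Cache-Control: no-store');
require_once('includes/connection.php'); // Database connection ($conn)
require 'vendor/autoload.php';           // PHPMailer autoload

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

const OTP_TTL_MINUTES = 10;         // OTP lifetime; also quoted in the e-mail text
const OTP_MAX_ATTEMPTS = 5;         // wrong guesses before the OTP is voided
const OTP_RESEND_COOLDOWN = 60;     // seconds between two OTP e-mails
// NOTE(review): 6 matches the previous rule and the form hint; 8+ is the usual
// recommendation and only needs this constant and the placeholder text changed.
const PASSWORD_MIN_LENGTH = 6;

/**
 * Wipe all reset-flow state and rotate the session id so the user must start
 * again at step 1. session_destroy() (used before) left $_SESSION populated for
 * the rest of the request and killed the session the CSRF token lives in.
 */
function resetFlowState(): void
{
    $_SESSION = [];
    session_regenerate_id(true);
}

/**
 * Build a PHPMailer instance wired to the site's SMTP relay.
 *
 * The SMTP password is read from the SMTP_PASSWORD environment variable. The
 * previous revision had it hard-coded in this file, which was viewable through
 * the hosting file manager, so that credential must be rotated regardless.
 *
 * @throws RuntimeException when SMTP_PASSWORD is not set
 * @throws Exception        PHPMailer configuration errors
 */
function buildMailer(): PHPMailer
{
    $smtpPassword = getenv('SMTP_PASSWORD');
    if ($smtpPassword === false || $smtpPassword === '') {
        throw new RuntimeException('SMTP_PASSWORD is not configured');
    }

    $mail = new PHPMailer(true);
    $mail->isSMTP();
    $mail->Host = 'ecogenix.in';
    $mail->SMTPAuth = true;
    $mail->Username = 'no-reply@ecogenix.in';
    $mail->Password = $smtpPassword;
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
    $mail->Port = 587;
    $mail->setFrom('no-reply@ecogenix.in', 'ECOGENIX - Reset Password');
    $mail->isHTML(true);

    return $mail;
}

/**
 * HTML body of the OTP e-mail.
 *
 * $username is stored, originally user-supplied data placed into an HTML
 * document, so it is escaped; the OTP is escaped too for uniformity.
 */
function otpEmailBody(string $username, string $otp, bool $resent): string
{
    $safeName = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeOtp = htmlspecialchars($otp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $heading = $resent ? 'Password Reset Request (Resent)' : 'Password Reset Request';
    $intro = $resent
        ? 'Here is your new OTP for password reset:'
        : 'You have requested to reset your password. Please use the following OTP to verify your identity:';
    $ttl = OTP_TTL_MINUTES;

    return "
        <div style='font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;'>
            <h2 style='color: #e74c3c;'>{$heading}</h2>
            <p>Hi <strong>{$safeName}</strong>,</p>
            <p>{$intro}</p>
            <div style='background: #f8f9fa; padding: 20px; margin: 20px 0; text-align: center; border-radius: 5px;'>
                <h1 style='color: #e74c3c; font-size: 32px; margin: 0;'>{$safeOtp}</h1>
            </div>
            <p><strong>Important:</strong> This OTP will expire in {$ttl} minutes.</p>
            <p>If you didn't request this password reset, please ignore this email.</p>
            <hr style='margin: 30px 0;'>
            <p style='color: #666; font-size: 12px;'>This is an automated email from ECOGENIX. Please do not reply to this email.</p>
        </div>
    ";
}

/**
 * Generate a fresh OTP for one account, store it with its expiry and e-mail it.
 * On success the session's issue time and attempt counter are reset.
 *
 * @param mysqli $conn     open database connection
 * @param int    $userId   users.id of the account
 * @param string $username display name used in the e-mail
 * @param string $email    recipient address
 * @param bool   $resent   word the e-mail as a re-send
 * @return string|null     null on success, otherwise a message safe to show the user
 */
function issueOtp(mysqli $conn, int $userId, string $username, string $email, bool $resent = false): ?string
{
    // random_int() is a CSPRNG. The previous mt_rand() output is predictable and
    // must not be used for authentication codes. %06d keeps leading zeros.
    $otp = sprintf('%06d', random_int(0, 999999));
    $expiry = date('Y-m-d H:i:s', time() + OTP_TTL_MINUTES * 60);

    // NOTE(review): the OTP is stored in clear text in users.otp. Storing a hash
    // would need that column widened, so the schema is left untouched here.
    $update = $conn->prepare('UPDATE users SET otp = ?, otp_expiry = ? WHERE id = ?');
    $update->bind_param('ssi', $otp, $expiry, $userId);
    if (!$update->execute()) {
        return 'Failed to generate OTP. Please try again.';
    }

    try {
        $mail = buildMailer();
        $mail->addAddress($email, $username);
        $mail->Subject = $resent
            ? 'Password Reset OTP - ECOGENIX (Resent)'
            : 'Password Reset OTP - ECOGENIX';
        $mail->Body = otpEmailBody($username, $otp, $resent);
        $mail->send();
    } catch (Throwable $e) {
        // Operators need the real cause; users must not see it (may carry SMTP details).
        error_log('password_reset: OTP mail failed for user ' . $userId . ': ' . $e->getMessage());
        return $resent
            ? 'Failed to resend OTP. Please try again.'
            : 'Failed to send OTP. Please try again later.';
    }

    $_SESSION['otp_issued_at'] = time();
    $_SESSION['otp_attempts'] = 0;

    return null;
}

/**
 * Fetch the pending OTP and its expiry for a user.
 *
 * @return array{otp: string, otp_expiry: string}|null null when no code is pending
 */
function fetchStoredOtp(mysqli $conn, int $userId): ?array
{
    $stmt = $conn->prepare('SELECT otp, otp_expiry FROM users WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!$row || $row['otp'] === null || $row['otp_expiry'] === null) {
        return null;
    }

    return ['otp' => (string) $row['otp'], 'otp_expiry' => (string) $row['otp_expiry']];
}

/** Remove any pending OTP for a user (expired, exhausted or consumed). */
function clearOtp(mysqli $conn, int $userId): void
{
    $stmt = $conn->prepare('UPDATE users SET otp = NULL, otp_expiry = NULL WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
}

$message = '';
$error = '';
$redirectToLogin = false;
$step = 1; // 1: e-mail input, 2: OTP verification, 3: new password

// Resume whichever step the session has reached.
if (isset($_SESSION['otp_user_id'], $_SESSION['otp_sent'])) {
    $step = 2;
}
if (($_SESSION['otp_verified'] ?? false) === true) {
    $step = 3;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Every form on this page carries the session's CSRF token.
    $sessionToken = (string) ($_SESSION['csrf_token'] ?? '');
    $postedToken = (string) ($_POST['csrf_token'] ?? '');

    if ($sessionToken === '' || !hash_equals($sessionToken, $postedToken)) {
        $error = 'Invalid form submission. Please try again.';
    } elseif (isset($_POST['send_otp'])) {
        // Step 1: look the address up and send an OTP.
        $email = trim((string) ($_POST['email'] ?? ''));

        if ($email === '') {
            $error = 'Email is required.';
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $error = 'Invalid email format.';
        } else {
            $stmt = $conn->prepare('SELECT id, username, email FROM users WHERE email = ?');
            $stmt->bind_param('s', $email);
            $stmt->execute();
            $user = $stmt->get_result()->fetch_assoc();

            if ($user) {
                $uid = (int) $user['id'];
                $error = issueOtp($conn, $uid, (string) $user['username'], (string) $user['email']) ?? '';
                if ($error === '') {
                    // Only reset-specific keys are written. The previous revision also
                    // set $_SESSION['username'] / ['email'], which a login check elsewhere
                    // could mistake for an authenticated session — presumably; verify
                    // against index.php before relying on that.
                    $_SESSION['otp_user_id'] = $uid;
                    $_SESSION['otp_email'] = (string) $user['email'];
                    $_SESSION['otp_sent'] = true;
                }
            } else {
                // Unknown address: the old "No account found" reply let anyone
                // enumerate registered e-mails. Enter step 2 with a decoy id (0)
                // that can never verify, so the response is the same either way.
                // The skipped SMTP round-trip still leaves a timing difference.
                $_SESSION['otp_user_id'] = 0;
                $_SESSION['otp_email'] = $email;
                $_SESSION['otp_sent'] = true;
                $_SESSION['otp_issued_at'] = time();
                $_SESSION['otp_attempts'] = 0;
            }

            if ($error === '') {
                $message = 'If an account exists for that address, an OTP has been sent. Please check your inbox.';
                $step = 2;
            }
        }
    } elseif (isset($_POST['verify_otp'])) {
        // Step 2: check the code, with a bounded number of guesses.
        $enteredOtp = trim((string) ($_POST['otp'] ?? ''));
        $userId = $_SESSION['otp_user_id'] ?? null;

        if ($userId === null) {
            $error = 'Session expired. Please start over.';
            resetFlowState();
            $step = 1;
        } elseif ($enteredOtp === '') {
            $error = 'Please enter the OTP.';
        } elseif ((int) ($_SESSION['otp_attempts'] ?? 0) >= OTP_MAX_ATTEMPTS) {
            // A 6-digit code is brute-forceable inside its 10-minute lifetime when
            // guesses are unlimited; after OTP_MAX_ATTEMPTS the code is voided.
            $error = 'Too many incorrect attempts. Please request a new OTP.';
            if ($userId !== 0) {
                clearOtp($conn, (int) $userId);
            }
            resetFlowState();
            $step = 1;
        } else {
            $_SESSION['otp_attempts'] = (int) ($_SESSION['otp_attempts'] ?? 0) + 1;
            $stored = $userId === 0 ? null : fetchStoredOtp($conn, (int) $userId);

            if ($stored === null) {
                // Decoy flow, vanished user or no pending code: same answer as a wrong guess.
                $error = 'Invalid OTP. Please try again.';
            } elseif (strtotime($stored['otp_expiry']) <= time()) {
                $error = 'OTP has expired. Please request a new one.';
                clearOtp($conn, (int) $userId);
                resetFlowState();
                $step = 1;
            } elseif (!hash_equals($stored['otp'], $enteredOtp)) {
                // hash_equals() instead of === so the comparison is constant-time.
                $error = 'Invalid OTP. Please try again.';
            } else {
                // Single use: consume the code and bind the verified state to a fresh session id.
                clearOtp($conn, (int) $userId);
                session_regenerate_id(true);
                $_SESSION['otp_verified'] = true;
                unset($_SESSION['otp_attempts']);
                $message = 'OTP verified successfully. Please enter your new password.';
                $step = 3;
            }
        }
    } elseif (isset($_POST['reset_password'])) {
        // Step 3: set the new password for the verified account.
        // The previous code trimmed the password too; kept for consistency with
        // whatever the login form does — confirm before changing either side.
        $newPassword = trim((string) ($_POST['new_password'] ?? ''));
        $confirmPassword = trim((string) ($_POST['confirm_password'] ?? ''));
        $userId = $_SESSION['otp_user_id'] ?? null;

        if ($userId === null || $userId === 0 || ($_SESSION['otp_verified'] ?? false) !== true) {
            // Authorisation is checked before any input validation.
            $error = 'Session expired. Please start over.';
            resetFlowState();
            $step = 1;
        } elseif ($newPassword === '' || $confirmPassword === '') {
            $error = 'Please fill in both password fields.';
        } elseif (strlen($newPassword) < PASSWORD_MIN_LENGTH) {
            $error = sprintf('Password must be at least %d characters long.', PASSWORD_MIN_LENGTH);
        } elseif ($newPassword !== $confirmPassword) {
            $error = 'Passwords do not match.';
        } else {
            $uid = (int) $userId;
            $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
            $stmt = $conn->prepare('UPDATE users SET password = ?, otp = NULL, otp_expiry = NULL WHERE id = ?');
            $stmt->bind_param('si', $hashedPassword, $uid);
            if ($stmt->execute()) {
                $message = 'Password reset successfully! You can now log in with your new password.';
                resetFlowState();
                $redirectToLogin = true;
                $step = 1;
            } else {
                $error = 'Failed to update password. Please try again.';
            }
        }
    } elseif (isset($_POST['resend_otp'])) {
        // Resend: a new code for the same account, rate-limited.
        $userId = $_SESSION['otp_user_id'] ?? null;

        if ($userId === null) {
            $error = 'Session expired. Please start over.';
            resetFlowState();
            $step = 1;
        } elseif (time() - (int) ($_SESSION['otp_issued_at'] ?? 0) < OTP_RESEND_COOLDOWN) {
            // Without a cool-down this button lets anyone flood a victim's inbox.
            $error = 'Please wait a minute before requesting another OTP.';
        } elseif ($userId === 0) {
            // Decoy flow: look like a real resend without sending anything.
            $_SESSION['otp_issued_at'] = time();
            $_SESSION['otp_attempts'] = 0;
            $message = 'New OTP has been sent to your email address.';
        } else {
            $uid = (int) $userId;
            $stmt = $conn->prepare('SELECT username, email FROM users WHERE id = ?');
            $stmt->bind_param('i', $uid);
            $stmt->execute();
            $user = $stmt->get_result()->fetch_assoc();

            if ($user) {
                $error = issueOtp($conn, $uid, (string) $user['username'], (string) $user['email'], true) ?? '';
                if ($error === '') {
                    $message = 'New OTP has been sent to your email address.';
                }
            } else {
                $error = 'User not found. Please start over.';
                resetFlowState();
                $step = 1;
            }
        }
    }
}

// Token for the forms rendered below (re-created after any flow reset).
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = (string) $_SESSION['csrf_token'];
// maskEmail() returns raw text; it is escaped where it is printed.
$maskedEmail = isset($_SESSION['otp_email']) ? maskEmail((string) $_SESSION['otp_email']) : 'your email';
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Reset Password - ECOGENIX</title>
    <link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600&display=swap" rel="stylesheet">
    <style>
        * { box-sizing: border-box; margin: 0; padding: 0; }
        body, html { height: 100%; font-family: 'Montserrat', sans-serif; background: url('https://img.freepik.com/free-vector/abstract-big-data-digital-technology-background-design_1017-22920.jpg') no-repeat center center fixed; background-size: cover; display: flex; align-items: center; justify-content: center; }
        .login-wrap { width: 100%; max-width: 400px; background: rgba(255, 255, 255, 0.15); backdrop-filter: blur(10px); border-radius: 15px; padding: 30px 25px; box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3); color: #fff; text-align: center; transition: all 0.3s ease; }
        .login-wrap h2 { font-weight: 600; font-size: 28px; margin-bottom: 20px; color: #ffffff; }
        .step-indicator { display: flex; justify-content: center; margin-bottom: 30px; }
        .step { width: 30px; height: 30px; border-radius: 50%; background: rgba(255, 255, 255, 0.3); display: flex; align-items: center; justify-content: center; margin: 0 10px; font-weight: 600; transition: all 0.3s ease; }
        .step.active { background: #e74c3c; transform: scale(1.2); }
        .step.completed { background: #27ae60; }
        .step-line { width: 40px; height: 2px; background: rgba(255, 255, 255, 0.3); margin-top: 14px; }
        .form input { width: 100%; padding: 12px 15px; margin-bottom: 15px; border: none; border-radius: 8px; background-color: rgba(255, 255, 255, 0.8); font-size: 16px; color: #333; transition: all 0.3s ease; }
        .form input:focus { outline: none; background-color: rgba(255, 255, 255, 0.9); transform: translateY(-2px); }
        .form input::placeholder { color: #888; }
        .otp-input { text-align: center; font-size: 24px; font-weight: 600; letter-spacing: 5px; }
        .form button { width: 100%; padding: 12px; background: #e74c3c; border: none; border-radius: 8px; font-size: 18px; font-weight: 600; color: white; cursor: pointer; transition: all 0.3s ease; margin-bottom: 10px; }
        .form button:hover { background: #c0392b; transform: translateY(-2px); }
        .btn-secondary { background: #95a5a6 !important; font-size: 14px !important; padding: 8px !important; }
        .btn-secondary:hover { background: #7f8c8d !important; }
        .message { padding: 10px; border-radius: 5px; margin-bottom: 20px; font-weight: 600; }
        .success { background: rgba(39, 174, 96, 0.2); border: 1px solid #27ae60; color: #2ecc71; }
        .error { background: rgba(231, 76, 60, 0.2); border: 1px solid #e74c3c; color: #e74c3c; }
        .form a { display: block; margin-top: 15px; color: #ffffff; font-size: 14px; text-decoration: underline; }
        .form a:hover { color: #ffddc1; }
        .step-title { font-size: 16px; margin-bottom: 20px; opacity: 0.9; }
        @media screen and (max-width: 500px) {
            .login-wrap { margin: 20px; padding: 20px; }
            .step-indicator { margin-bottom: 20px; }
        }
    </style>
</head>
<body>
<div class="login-wrap">
    <h2>Reset Password</h2>

    <!-- Step indicator -->
    <div class="step-indicator">
        <div class="step <?php echo $step >= 1 ? 'active' : ''; ?> <?php echo $step > 1 ? 'completed' : ''; ?>">1</div>
        <div class="step-line"></div>
        <div class="step <?php echo $step >= 2 ? 'active' : ''; ?> <?php echo $step > 2 ? 'completed' : ''; ?>">2</div>
        <div class="step-line"></div>
        <div class="step <?php echo $step >= 3 ? 'active' : ''; ?>">3</div>
    </div>

    <?php if ($message): ?>
        <div class="message success"><?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
    <?php endif; ?>
    <?php if ($error): ?>
        <div class="message error"><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
    <?php endif; ?>

    <?php if ($step == 1): ?>
        <!-- Step 1: e-mail input -->
        <div class="step-title">Enter your email address</div>
        <form action="" method="POST">
            <div class="form">
                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <input type="email" name="email" placeholder="Enter your email address" required>
                <button type="submit" name="send_otp">Send OTP</button>
            </div>
        </form>
    <?php elseif ($step == 2): ?>
        <!-- Step 2: OTP verification -->
        <div class="step-title">Enter the OTP sent to <?php echo htmlspecialchars($maskedEmail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
        <form action="" method="POST">
            <div class="form">
                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <input type="text" name="otp" placeholder="Enter 6-digit OTP" maxlength="6" inputmode="numeric" autocomplete="one-time-code" class="otp-input">
                <button type="submit" name="verify_otp">Verify OTP</button>
                <button type="submit" name="resend_otp" class="btn-secondary">Resend OTP</button>
            </div>
        </form>
    <?php elseif ($step == 3): ?>
        <!-- Step 3: new password -->
        <div class="step-title">Create your new password</div>
        <form action="" method="POST">
            <div class="form">
                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <input type="password" name="new_password" placeholder="New Password (min 6 characters)" minlength="6" autocomplete="new-password" required>
                <input type="password" name="confirm_password" placeholder="Confirm New Password" minlength="6" autocomplete="new-password" required>
                <button type="submit" name="reset_password">Reset Password</button>
            </div>
        </form>
    <?php endif; ?>

    <div class="form">
        <a href="index.php">← Back to Login</a>
    </div>
</div>

<?php if ($redirectToLogin): ?>
<script>
    // Password was changed: send the user to the login page after 3 seconds.
    setTimeout(function () { window.location.href = 'index.php'; }, 3000);
</script>
<?php endif; ?>
<script>
    // Auto-focus the OTP field and keep it digits-only.
    document.addEventListener('DOMContentLoaded', function () {
        const otpInput = document.querySelector('.otp-input');
        if (otpInput) {
            otpInput.focus();
            otpInput.addEventListener('input', function (e) {
                e.target.value = e.target.value.replace(/[^0-9]/g, '');
            });
        }
    });
</script>
</body>
</html>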
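<?php
/**
 * Mask the local part of an e-mail address for display: the first two
 * characters stay, the rest become '*', the domain is kept as-is.
 *
 * Fix: a local part shorter than three characters used to call str_repeat()
 * with a negative count, which throws a ValueError on PHP 8. An input without
 * '@' is now masked as a whole instead of reading a missing array index.
 *
 * @param string $email address (already validated upstream)
 * @return string masked address — raw text, escape it at the output site
 */
function maskEmail($email): string
{
    $email = (string) $email;
    $atPos = strpos($email, '@');
    $localPart = $atPos === false ? $email : substr($email, 0, $atPos);
    $domain = $atPos === false ? '' : substr($email, $atPos + 1);

    $visible = substr($localPart, 0, 2);
    $hiddenCount = max(0, strlen($localPart) - strlen($visible));
    $masked = $visible . str_repeat('*', $hiddenCount);

    return $atPos === false ? $masked : $masked . '@' . $domain;
}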