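getConnection();
    } catch (Exception $e) {
        logError('Database connection failed in forgot-password.php: ' . $e->getMessage());
        jsonResponse(false, 'System error. Please try again later.');
    }
    // NOTE(review): the opening of this handler is cut off above this excerpt; the
    // fragment before this point is reproduced as found.
    // NOTE(review): jsonResponse() is defined elsewhere. The flow below (as in the
    // original) only works if it ends the request after sending - confirm.

    // Read the submitted address. Non-string input (e.g. email[]=x) is treated as
    // missing so an array never reaches sanitize() or the query parameters.
    // NOTE(review): sanitize() is defined elsewhere; if it HTML-encodes, the value
    // used for lookup may differ from the address as stored - confirm.
    $email = (isset($_POST['email']) && is_string($_POST['email']))
        ? sanitize($_POST['email'])
        : '';

    // Format validation only depends on the input itself, so these messages do not
    // disclose anything about existing accounts.
    if (empty($email)) {
        jsonResponse(false, 'Please provide your email address.');
    }

    if (!validateEmail($email)) {
        jsonResponse(false, 'Please provide a valid email address.');
    }

    // One response for every outcome that depends on account state. Previously only
    // the "no such user" branch used this text, while the unverified / inactive /
    // rate-limited / sent / send-failed branches each returned a distinct message,
    // which let a caller tell registered addresses (and their status) apart.
    $genericMessage = 'If an account with this email exists, you will receive a password reset link shortly.';

    try {
        // Look up the account by address.
        $stmt = $pdo->prepare("
            SELECT id, email, email_verified, status
            FROM users
            WHERE email = ?
        ");
        $stmt->execute([$email]);
        $user = $stmt->fetch();

        if (!$user) {
            // For security, don't reveal if email exists or not
            jsonResponse(true, $genericMessage);
        }

        // Unverified or non-active accounts get no reset mail. The reason is recorded
        // server-side only; the caller sees the same generic response.
        if (!$user['email_verified']) {
            logError('Password reset skipped: email not verified', ['user_id' => $user['id']]);
            jsonResponse(true, $genericMessage);
        }

        if ($user['status'] !== 'active') {
            logError('Password reset skipped: account not active', [
                'user_id' => $user['id'],
                'status' => $user['status']
            ]);
            jsonResponse(true, $genericMessage);
        }

        // Throttle: at most one reset mail per address per 5 minutes. The throttled
        // case is also answered generically so it cannot be used as an existence check.
        // NOTE(review): this limits per address only; per-client limiting, if any,
        // is not visible in this excerpt.
        $stmt = $pdo->prepare("
            SELECT created_at
            FROM password_resets
            WHERE email = ? AND created_at > DATE_SUB(NOW(), INTERVAL 5 MINUTE)
            ORDER BY created_at DESC
            LIMIT 1
        ");
        $stmt->execute([$email]);
        $recentReset = $stmt->fetch();

        if ($recentReset) {
            jsonResponse(true, $genericMessage);
        }

        // Generate reset token
        // NOTE(review): expires_at is computed from the PHP clock/timezone while the
        // throttle above uses the database's NOW(); confirm both run in the same zone.
        $resetToken = generateSecureToken();
        $expiresAt = date('Y-m-d H:i:s', strtotime('+' . PASSWORD_RESET_EXPIRY_HOURS . ' hours'));

        // Invalidate any earlier tokens for this address so only the newest link works.
        $stmt = $pdo->prepare("DELETE FROM password_resets WHERE email = ?");
        $stmt->execute([$email]);

        // NOTE(review): the token is stored exactly as generated. Storing only a hash
        // of it (and hashing the presented token at redemption) would limit the impact
        // of a database read exposure; that needs a matching change in the page that
        // redeems the token, which is not visible here.
        $stmt = $pdo->prepare("
            INSERT INTO password_resets (email, token, expires_at)
            VALUES (?, ?, ?)
        ");
        $stmt->execute([$email, $resetToken, $expiresAt]);

        // Send password reset email
        $emailHandler = new EmailHandler();
        $emailSent = $emailHandler->sendPasswordResetEmail($email, $resetToken);

        if ($emailSent) {
            logError('Password reset email sent', ['email' => $email]);
        } else {
            // Delivery failure is logged for operators; reporting it to the caller
            // would again distinguish registered from unregistered addresses.
            logError('Failed to send password reset email', ['email' => $email]);
        }

        // Response time can still differ between branches (mail is only sent for
        // eligible accounts); the message itself no longer does.
        jsonResponse(true, $genericMessage);

    } catch (PDOException $e) {
        // Details go to the log only; the client gets a generic failure.
        logError('Database error during password reset request', [
            'error' => $e->getMessage(),
            'email' => $email
        ]);
        jsonResponse(false, 'System error. Please try again later.');
    } catch (Exception $e) {
        logError('General error during password reset request', [
            'error' => $e->getMessage(),
            'email' => $email
        ]);
        jsonResponse(false, 'An unexpected error occurred. Please try again later.');
    }
}
?>
Forgot Password - Relevant Reflex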

Reset Your Password

Enter your email address and we'll send you a link to reset your password.