<?php
// Forgot-password entry point: start the session, load the database and
// translation helpers, and keep already-authenticated visitors away from the form.
session_start();

require_once '../config/database.php';
require_once '../includes/translations.php';

// A visitor whose session already carries a user id is sent to the library.
if (isset($_SESSION['user_id'])) {
    header('Location: /library.php');
    exit;
}

// Feedback strings shown by the template further down; empty means nothing to show.
$error = $success = '';
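// Handle a submitted reset request: validate the address, and if it belongs to
// an account, issue a one-hour single-use token and mail the reset link.
//
// NOTE(review): nothing visible here throttles requests per address or per client.
// Without a limit this endpoint can be used to flood a mailbox or to probe for
// accounts; confirm whether rate limiting is applied upstream.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A request can deliver "email" as an array (email[]=...). trim() would raise a
    // TypeError on that outside the try block below, so treat any non-string as empty
    // and let validation reject it.
    $raw_email = $_POST['email'] ?? '';
    $email = is_string($raw_email) ? trim($raw_email) : '';

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = t('register.email_invalid');
    } else {
        try {
            $pdo = getDBConnection();

            // Look the account up with a bound parameter; the address never enters the SQL text.
            $stmt = $pdo->prepare("SELECT id, name, email FROM users WHERE email = ?");
            $stmt->execute([$email]);
            $user = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($user) {
                // 32 bytes from the CSPRNG, hex-encoded to the 64 characters the token column holds.
                $token = bin2hex(random_bytes(32));
                // NOTE(review): the expiry is computed in PHP's timezone. If the consuming page
                // compares it against the database clock, confirm both use the same timezone.
                $expires = date('Y-m-d H:i:s', strtotime('+1 hour'));

                // Create the token table on first use.
                // NOTE(review): running DDL on the request path means the application's database
                // account needs CREATE privilege. A migration would let that account run with
                // fewer rights.
                try {
                    $pdo->exec("
CREATE TABLE IF NOT EXISTS password_resets (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
token VARCHAR(64) NOT NULL,
expires_at DATETIME NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
used TINYINT(1) DEFAULT 0,
INDEX idx_token (token),
INDEX idx_user_id (user_id),
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
");
                } catch (Exception $e) {
                    // IF NOT EXISTS already covers the "table exists" case, so anything caught
                    // here is a different failure (for example a missing privilege). Stay
                    // best-effort, but leave a trace instead of discarding it.
                    error_log("Password reset table check failed: " . $e->getMessage());
                }

                // Invalidate old tokens for this user so only the newest link works.
                $stmt = $pdo->prepare("UPDATE password_resets SET used = 1 WHERE user_id = ? AND used = 0");
                $stmt->execute([$user['id']]);

                // Insert the new token.
                // NOTE(review): the token is stored as issued, so read access to this table
                // (a backup, a SQL injection elsewhere) yields usable reset links. Storing
                // hash('sha256', $token) and hashing the incoming value on lookup would close
                // that, but it needs the matching change in reset_password.php, which is not
                // visible here.
                $stmt = $pdo->prepare("INSERT INTO password_resets (user_id, token, expires_at) VALUES (?, ?, ?)");
                $stmt->execute([$user['id'], $token, $expires]);

                // Send reset email
                require_once '../config/email.php';
                $reset_url = 'https://soundstudiopro.com/auth/reset_password.php?token=' . $token;
                $user_lang = getCurrentLanguage();

                // Encode every value placed into an HTML attribute. Where getCurrentLanguage()
                // takes its value from is not visible in this file, so it is not assumed to be
                // markup-safe. The URL is a constant plus hex, so encoding it changes nothing.
                $lang_attr = htmlspecialchars((string) $user_lang, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $reset_href = htmlspecialchars($reset_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

                $html = '
<!DOCTYPE html>
<html lang="' . $lang_attr . '">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>' . t('password.reset.email.subject') . '</title>
</head>
<body style="margin: 0; padding: 0; font-family: Arial, sans-serif; background-color: #0a0a0a;">
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="background-color: #0a0a0a;">
<tr>
<td align="center" style="padding: 20px 0;">
<table role="presentation" width="600" cellpadding="0" cellspacing="0" border="0" style="background-color: #1a1a1a; border-radius: 12px; overflow: hidden;">
<tr>
<td bgcolor="#667eea" style="background-color: #667eea; padding: 40px 30px; text-align: center;">
<img src="https://soundstudiopro.com/assets/images/og-image.png" alt="SoundStudioPro Logo" style="max-width: 200px; height: auto; display: block; margin: 0 auto 15px;" onerror="this.style.display=\'none\';">
<h1 style="margin: 0 0 10px 0; font-size: 2rem; font-weight: bold; color: #ffffff !important;">SoundStudioPro</h1>
<h2 style="margin: 0 0 20px 0; font-size: 1.5rem; font-weight: 300; color: #ffffff !important;">' . t('password.reset.email.title') . '</h2>
</td>
</tr>
<tr>
<td style="background-color: #1a1a1a; padding: 40px 30px;">
<p style="margin: 0 0 15px 0; color: #a0aec0; font-size: 16px; line-height: 1.6;">' . t('email.dear') . ' ' . htmlspecialchars($user['name']) . ',</p>
<p style="margin: 0 0 20px 0; color: #a0aec0; font-size: 16px; line-height: 1.6;">' . t('password.reset.email.instructions') . '</p>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="margin: 30px 0;">
<tr>
<td align="center">
<a href="' . $reset_href . '" style="display: inline-block; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: #ffffff; padding: 14px 28px; text-decoration: none; border-radius: 8px; font-weight: 600; font-size: 16px;">' . t('password.reset.email.button') . '</a>
</td>
</tr>
</table>
<p style="margin: 20px 0 10px 0; color: #718096; font-size: 14px; line-height: 1.6;">' . t('password.reset.email.expires') . '</p>
<p style="margin: 0 0 20px 0; color: #718096; font-size: 14px; line-height: 1.6;">' . t('password.reset.email.ignore') . '</p>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="margin-top: 40px; padding-top: 30px; border-top: 1px solid rgba(255, 255, 255, 0.1);">
<tr>
<td align="center" style="padding: 20px 0;">
<p style="margin: 10px 0; color: #718096; font-size: 14px; line-height: 1.6;">' . t('email.thank_you_choosing') . '</p>
<p style="margin: 10px 0; color: #718096; font-size: 14px; line-height: 1.6;">© ' . date('Y') . ' SoundStudioPro. ' . t('email.all_rights_reserved') . '</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>';

                // Plain-text alternative carrying the same content and link.
                $text = t('password.reset.email.title') . " - SoundStudioPro\n\n";
                $text .= t('email.dear') . " " . $user['name'] . ",\n\n";
                $text .= t('password.reset.email.instructions') . "\n\n";
                $text .= $reset_url . "\n\n";
                $text .= t('password.reset.email.expires') . "\n";
                $text .= t('password.reset.email.ignore') . "\n\n";
                $text .= t('email.thank_you_choosing') . "\n";
                $text .= "© " . date('Y') . " SoundStudioPro. " . t('email.all_rights_reserved');

                // NOTE(review): $user['name'] is passed on as the recipient display name.
                // Confirm that sendEmail() strips CR/LF before building mail headers.
                $email_sent = sendEmail(
                    $user['email'],
                    $user['name'],
                    t('password.reset.email.subject'),
                    $html,
                    $text,
                    'password_reset',
                    $user['id']
                );

                // NOTE(review): both log lines below write the account's email address to the
                // error log. If that log is widely readable, the user id alone would do.
                if ($email_sent) {
                    $success = t('password.forgot.success');
                    error_log("Password reset email sent successfully to: " . $user['email']);
                } else {
                    // Log the failure but still show the success message, so a delivery problem
                    // does not reveal that the address is registered.
                    error_log("CRITICAL: Password reset email FAILED to send to: " . $user['email'] . " (User ID: " . $user['id'] . ")");
                    $success = t('password.forgot.success');
                }
            } else {
                // Show exactly the message used for a registered address. A different
                // translation key here would let the response text distinguish registered
                // from unregistered addresses. The wording of 'password.forgot.success' should
                // stay neutral ("if an account exists ...").
                // NOTE(review): response time still differs, because only the registered branch
                // writes to the database and sends mail in-request. Queuing the mail would
                // narrow that gap.
                $success = t('password.forgot.success');
            }
        } catch (Exception $e) {
            // Keep the detail in the server log; the visitor only sees a generic failure.
            error_log("Password reset error: " . $e->getMessage());
            $error = t('register.failed');
        }
    }
}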
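// View data for the template below. The included header may read these too, so they stay
// raw here and are encoded only at the point of output.
$page_title = t('password.forgot.title') . ' - SoundStudioPro';
$page_description = t('password.forgot.subtitle');
$current_page = 'forgot_password';
$current_lang = getCurrentLanguage();
// Output encoding in the template: values placed in HTML attributes (the lang code, the
// placeholder text) are passed through htmlspecialchars(), as $error and $success already
// are. The remaining t() calls are emitted as-is.
// NOTE(review): that assumes the translation catalogue holds trusted text - confirm.
?>
<!DOCTYPE html>
<html lang="<?= htmlspecialchars((string) $current_lang, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?= $page_title ?></title>
<link rel="stylesheet" href="/assets/fontawesome/fontawesome-free-6.5.1-web/css/all.min.css">
<?php include '../includes/header.php'; ?>
</head>
<body>
<div style="min-height: 100vh; display: flex; align-items: center; justify-content: center; padding: 2rem; background: linear-gradient(135deg, #0a0a0a 0%, #1a1a1a 50%, #16213e 100%);">
<div style="background: rgba(26, 26, 26, 0.95); border-radius: 16px; padding: 2rem; width: 100%; max-width: 450px; box-shadow: 0 20px 40px rgba(0, 0, 0, 0.4);">
<div style="text-align: center; margin-bottom: 2rem;">
<h1 style="color: #ffffff; margin-bottom: 0.5rem;"><?= t('password.forgot.title') ?></h1>
<p style="color: #a0aec0;"><?= t('password.forgot.subtitle') ?></p>
</div>
<?php if ($error): ?>
<div style="background: rgba(239, 68, 68, 0.1); border: 1px solid rgba(239, 68, 68, 0.3); color: #fca5a5; padding: 1rem; border-radius: 8px; margin-bottom: 1rem;">
<i class="fas fa-exclamation-triangle"></i> <?= htmlspecialchars($error) ?>
</div>
<?php endif; ?>
<?php if ($success): ?>
<div style="background: rgba(34, 197, 94, 0.1); border: 1px solid rgba(34, 197, 94, 0.3); color: #86efac; padding: 1rem; border-radius: 8px; margin-bottom: 1rem;">
<i class="fas fa-check-circle"></i> <?= htmlspecialchars($success) ?>
</div>
<?php endif; ?>
<?php if (!$success): ?>
<form method="POST">
<div style="margin-bottom: 1rem;">
<label style="display: block; color: #e2e8f0; font-size: 0.9rem; font-weight: 600; margin-bottom: 0.4rem;"><?= t('password.forgot.email_label') ?></label>
<input type="email" name="email" required style="width: 100%; padding: 1rem; background: rgba(255, 255, 255, 0.08); border: 1px solid rgba(102, 126, 234, 0.2); border-radius: 12px; color: white; font-size: 1rem;" placeholder="<?= htmlspecialchars((string) t('password.forgot.email_placeholder'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
</div>
<button type="submit" style="width: 100%; padding: 1.2rem; background: linear-gradient(135deg, #667eea, #764ba2); border: none; border-radius: 12px; color: white; font-size: 1.1rem; font-weight: 700; cursor: pointer; margin-top: 1rem;">
<i class="fas fa-paper-plane"></i> <?= t('password.forgot.submit') ?>
</button>
</form>
<?php endif; ?>
<div style="text-align: center; margin-top: 2rem;">
<a href="login.php" style="color: #667eea; text-decoration: none;">
<i class="fas fa-arrow-left"></i> <?= t('password.forgot.back_login') ?>
</a>
</div>
</div>
</div>
</body>
</html>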