<?php echo nullable_htmlentities($company_name_display); ?>

Someone (probably you) has requested a new password for your account on $company_name\'s Client Portal.

Please click here to reset your password.

Alternatively, copy and paste this URL into your browser:
$url

If you didn\'t request this change, you can safely ignore this email.

--
$company_name - Support
$config_ticket_from_email
$company_phone"; $data = [ [ 'from' => $config_mail_from_email, 'from_name' => $config_mail_from_name, 'recipient' => $email, 'recipient_name' => $name, 'subject' => $subject, 'body' => $body ] ]; $mail = addToMailQueue($data); // Error handling if ($mail !== true) { mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail'"); } //End Mail IF } $_SESSION['login_message'] = "If your account exists, a reset link is on it's way! Please allow a few minutes for it to reach you."; /* * Link is being used - Perform password reset */ } elseif (isset($_POST['password_reset_set_password'])) { if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) { $_SESSION['login_message'] = WORDING_ERROR; } $token = sanitizeInput($_POST['token']); $email = sanitizeInput($_POST['email']); $client = intval($_POST['client']); // Query user $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_password_reset_token = '$token' AND contact_client_id = $client AND user_auth_method = 'local' AND user_type = 2 AND user_status = 1 AND user_archived_at IS NULL LIMIT 1"); $user_row = mysqli_fetch_array($sql); $contact_id = intval($user_row['contact_id']); $user_id = intval($user_row['user_id']); $name = sanitizeInput($user_row['contact_name']); // Ensure the token is correct if (sha1($user_row['user_password_reset_token']) == sha1($token)) { // Set password, invalidate token, logging $password = password_hash($_POST['new_password'], PASSWORD_DEFAULT); mysqli_query($mysqli, "UPDATE users SET user_password = '$password', user_password_reset_token = NULL WHERE user_id = $user_id LIMIT 1"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact User', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client, log_user_id = $user_id"); // Send confirmation email $subject = "Password reset confirmation for $company_name Client Portal"; $body = "Hello $name,

Your password for your account on $company_name\'s Client Portal was successfully reset. You should be all set!

If you didn\'t reset your password, please get in touch ASAP.

--
$company_name - Support
$config_ticket_from_email
$company_phone"; $data = [ [ 'from' => $config_mail_from_email, 'from_name' => $config_mail_from_name, 'recipient' => $email, 'recipient_name' => $name, 'subject' => $subject, 'body' => $body ] ]; $mail = addToMailQueue($data); // Error handling if ($mail !== true) { mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail'"); } // Redirect to login page $_SESSION['login_message'] = "Password reset successfully!"; header("Location: /login.php"); exit(); } else { $_SESSION['login_message'] = WORDING_ERROR; } } } ?> <?php echo nullable_htmlentities($company_name_display); ?> | Password Reset

Back to login