diff --git a/api/admin.php b/api/admin.php index 3333c82..575ea31 100644 --- a/api/admin.php +++ b/api/admin.php @@ -368,13 +368,12 @@ switch ($action) { // Generate reset token — reuse pending_registrations pattern $token = bin2hex(random_bytes(32)); $exp = date('Y-m-d H:i:s', time() + 3600); // 1 hour - db()->prepare("INSERT INTO pending_registrations (username,password,alias,email,token,expires_at) VALUES ('__reset__','',''.?,?,'__reset__',?) ON DUPLICATE KEY UPDATE token=VALUES(token),expires_at=VALUES(expires_at)")->execute([$user['alias'],$user['email'],$token,$exp]); + db()->prepare("INSERT INTO pending_registrations (username,password,alias,email,token,expires_at) VALUES ('__reset__','',?,?,?,?) ON DUPLICATE KEY UPDATE token=VALUES(token),expires_at=VALUES(expires_at)")->execute([$user['alias'],$user['email'],$token,$exp]); // Simple reset email $resetUrl = rtrim(SITE_URL,'/') . '/reset_password.php?token=' . urlencode($token); $subject = SITE_NAME . ' — Password Reset Request'; $body = "Hi {$user['alias']},\n\nA password reset was requested for your account.\n\nClick here to reset: {$resetUrl}\n\nExpires in 1 hour. If you didn't request this, ignore this email.\n\n— " . SITE_NAME; - $headers = "From: " . MAIL_FROM_NAME . " <" . MAIL_FROM . ">\r\nReply-To: " . MAIL_REPLY_TO; - mail($user['email'], $subject, $body, $headers, '-f' . MAIL_FROM); + cybermailSend($user['email'], $user['alias'], $subject, $body, '', ['password-reset']); echo json_encode(['success'=>true]); break;