/home/ejrndhmu/tokobiolink.com/forgot_password.php
<?php
require_once 'config/database.php';
require_once 'includes/functions.php';
require_once 'includes/email.php';
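header('Content-Type: application/json');
// Start secure session
startSecureSession();

/*
 * Forgot-password endpoint (POST only, JSON reply of shape
 * {"success": bool, "message": string}).
 *
 * Flow: validate the submitted address, look up an active user, generate a
 * temporary password, e-mail it, then store its hash. The only untrusted input
 * read is $_POST['email']; it is validated with FILTER_VALIDATE_EMAIL and always
 * bound as a query parameter, never interpolated into SQL.
 *
 * NOTE(review): the credential is replaced for any valid address that is
 * submitted, so knowing an address is enough to force a password change on that
 * account, and the new password travels in cleartext e-mail. A token-based
 * reset (change the password only after the e-mailed link is followed) plus
 * rate limiting would close that; both need schema/helper changes outside this
 * file, so they are not done here.
 *
 * generateRandomPassword() and getSiteName() are declared at the bottom of
 * this file; unconditional top-level functions are hoisted, so calling them
 * here is fine.
 */

// Single reply for "address unknown", "account inactive" and "mail sent", so
// the response body does not reveal which addresses have an active account.
$neutralReply = [
    'success' => true,
    'message' => 'Jika email terdaftar dan aktif, password baru telah dikirim ke alamat tersebut. Silakan cek inbox atau folder spam.',
];

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['success' => false, 'message' => 'Method not allowed']);
    exit();
}

// Guard the type before trim(): a non-string value (e.g. email[]=x) would make
// trim() throw a TypeError on PHP 8, which the catch below does not handle and
// which would turn the JSON reply into an HTML error page.
$rawEmail = $_POST['email'] ?? '';
$email = is_string($rawEmail) ? trim($rawEmail) : '';

if ($email === '') {
    echo json_encode(['success' => false, 'message' => 'Email tidak boleh kosong']);
    exit();
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    echo json_encode(['success' => false, 'message' => 'Format email tidak valid']);
    exit();
}

try {
    $db = new Database();

    // Only active accounts can be reset; the address is a bound parameter.
    $db->query("SELECT id, full_name, email FROM users WHERE email = :email AND status = 'active'");
    $db->bind(':email', $email);
    $user = $db->single();

    if (!$user) {
        // Unknown or inactive address: answer exactly as on the success path.
        echo json_encode($neutralReply);
        exit();
    }

    // Temporary credential; the mail tells the user to change it after login.
    $newPassword = generateRandomPassword(8);
    $hashedPassword = hashPassword($newPassword);

    $subject = 'Reset Password - ' . getSiteName();
    $message = "Halo {$user['full_name']},\n\n";
    $message .= "Password Anda telah direset. Berikut adalah password baru Anda:\n\n";
    $message .= "Email: {$user['email']}\n";
    $message .= "Password Baru: {$newPassword}\n\n";
    $message .= "Silakan login dengan password baru ini dan segera ganti password Anda di pengaturan akun.\n\n";
    $message .= "Terima kasih,\n";
    $message .= getSiteName();

    // Deliver BEFORE overwriting the stored hash: if delivery fails nothing has
    // changed and the current password keeps working, instead of the account
    // being left with a password nobody knows.
    $emailSent = sendMailketingEmail($user['email'], $subject, $message);
    if (!$emailSent) {
        error_log('Forgot password: email delivery failed for user id ' . $user['id']);
        echo json_encode([
            'success' => false,
            'message' => 'Gagal mengirim email. Silakan coba lagi atau hubungi administrator.'
        ]);
        exit();
    }

    // Persist the new hash only once the user can actually receive it.
    $db->query("UPDATE users SET password = :password WHERE id = :id");
    $db->bind(':password', $hashedPassword);
    $db->bind(':id', $user['id']);
    $db->execute();

    echo json_encode($neutralReply);
} catch (Exception $e) {
    // Details go to the server log only; the client gets a generic message.
    error_log('Forgot password error: ' . $e->getMessage());
    echo json_encode([
        'success' => false,
        'message' => 'Terjadi kesalahan sistem. Silakan coba lagi.'
    ]);
}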
// Function to generate random password
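/**
 * Build a temporary password of $length characters drawn from [A-Za-z0-9].
 *
 * Uses random_int() (a CSPRNG) instead of rand(): the result is a credential
 * that is e-mailed to the account owner, so it must not be predictable.
 *
 * @param int $length Number of characters; 0 or a negative value yields ''.
 * @return string
 */
function generateRandomPassword(int $length = 8): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    // Byte-wise length is correct here: the alphabet is pure ASCII.
    $lastIndex = strlen($alphabet) - 1;

    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $alphabet[random_int(0, $lastIndex)];
    }

    return $password;
}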
// Function to get site name
/**
 * Site display name used in the reset e-mail subject and signature.
 *
 * @return string
 */
function getSiteName()
{
    $siteName = 'Kiblat Digital';

    return $siteName;
}
?>