prepare("UPDATE users SET name = ?, phone = ? WHERE id = ?");
if ($stmt->execute([$name, $phone, $user_id])) {
$_SESSION['user_name'] = $name; // Update session name
$msg = "Profile updated successfully!";
$msgClass = "success";
} else {
$msg = "Error updating profile.";
$msgClass = "error";
}
}
// 2. HANDLE PASSWORD CHANGE (Manual)
if (isset($_POST['change_password'])) {
$current_pass = $_POST['current_password'];
$new_pass = $_POST['new_password'];
$confirm_pass = $_POST['confirm_password'];
// Fetch current hash
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE id = ?");
$stmt->execute([$user_id]);
$user_data = $stmt->fetch();
if (password_verify($current_pass, $user_data['password_hash'])) {
if ($new_pass === $confirm_pass) {
$new_hash = password_hash($new_pass, PASSWORD_DEFAULT);
$pdo->prepare("UPDATE users SET password_hash = ? WHERE id = ?")->execute([$new_hash, $user_id]);
$msg = "Password changed successfully!";
$msgClass = "success";
} else {
$msg = "New passwords do not match.";
$msgClass = "error";
}
} else {
$msg = "Current password is incorrect.";
$msgClass = "error";
}
}
// 3. HANDLE "FORGOT PASSWORD" (Send Reset Link)
if (isset($_POST['send_reset_link'])) {
// Fetch user email
$stmt = $pdo->prepare("SELECT email FROM users WHERE id = ?");
$stmt->execute([$user_id]);
$user_email = $stmt->fetchColumn();
if ($user_email) {
// Generate Token
$token = bin2hex(random_bytes(50));
// Remove old tokens
$pdo->prepare("DELETE FROM password_resets WHERE email = ?")->execute([$user_email]);
// Insert new token
$stmt = $pdo->prepare("INSERT INTO password_resets (email, token) VALUES (?, ?)");
$stmt->execute([$user_email, $token]);
// SEND EMAIL
$resetLink = "https://prosubscriptionoffers.com/reset_password.php?token=" . $token;
$subject = "Password Reset Request - Pro Subscription Offers";
$message = "
Password Reset
Reset Your Password
You requested a password reset from your dashboard.
Set New Password
Or copy this link:
$resetLink
";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= "From: Pro Subscription Offers " . "\r\n";
if(mail($user_email, $subject, $message, $headers)) {
$msg = "A reset link has been sent to your email.";
$msgClass = "success";
} else {
$msg = "Error sending email. Please contact support.";
$msgClass = "error";
}
}
}
// Fetch User Data to display in form
$user = $pdo->query("SELECT * FROM users WHERE id = $user_id")->fetch();
?>