$backUrl ="/login";
$backUrl = $backUrl ?? null;
$pageTitle = 'Reset Password';
?>
session_start();
include("includes/connection.php");

require_once __DIR__ . '/../config/smtp.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = trim($_POST['email']);

    $stmt = $mysqli->prepare("SELECT id FROM tbl_users WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows > 0) {
        $stmt->bind_result($user_id);
        $stmt->fetch();

        $token = bin2hex(random_bytes(32));
        $tokenHash = password_hash($token, PASSWORD_DEFAULT);
        $expiresAt = date("Y-m-d H:i:s", strtotime("+1 hour"));

        $update = $mysqli->prepare("UPDATE tbl_users SET reset_token = ?, token_expiry = ? WHERE id = ?");
        $update->bind_param("ssi", $tokenHash, $expiresAt, $user_id);
        $update->execute();

        $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https://" : "http://";
        $host_url = $_SERVER['HTTP_HOST'];
        $path = dirname($_SERVER['REQUEST_URI'], 1);
        $resetLink = $protocol . $host_url . $path . "reset-password.php?token=$token";

        $templateKey = 'password_reset';
        $templateStmt = $mysqli->prepare("SELECT subject, body FROM tbl_email_templates WHERE template_key = ? AND is_active = 1 LIMIT 1");
        $templateStmt->bind_param("s", $templateKey);
        $templateStmt->execute();
        $templateStmt->store_result();
        
        if ($templateStmt->num_rows > 0) {
        $templateStmt->bind_result($subject, $body);
            $templateStmt->fetch();
        
            $message = str_replace("{{RESET_LINK}}", $resetLink, $body);
            $domain  = parse_url((!empty($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
            $fromEmail = "no-reply@" . preg_replace('/^www\./', '', $domain);

            try {
                $mail = getMailer();
                $mail->setFrom($fromEmail, $fromEmail);
                $mail->addAddress($email);
                $mail->Subject = $subject;
                $mail->Body    = $message;
                $mail->AltBody = strip_tags($message);
                $mail->send();
            } catch (Exception $e) {
                error_log("Failed to send reset email to $email: " . $e->getMessage());
            }
        } else {
            error_log("Email template '$templateKey' not found or inactive.");
        }
    }
        
    $_SESSION['msg'] = "If your email exists in our system, a reset link has been sent.";
    header("Location: forgot-password.php");
    exit;
}

$backUrl ="/login";
$backUrl = $backUrl ?? null; 
$pageTitle = 'Reset Password';
?>
<!--
  Restrict the header width to 600px on desktop and center it horizontally.
  We use `left-1/2` and `-translate-x-1/2` to center the fixed element,
  ensuring it doesn't stretch across the full viewport. The `w-full` with
  `max-w-[600px]` allows it to shrink on smaller screens while capping the
  maximum width on larger displays.
-->
<header class="hidden">
  <button 
    aria-label="Go back" 
    class="text-white hover:text-[#52cafb] mr-2"
    <br />
<b>Warning</b>:  Undefined variable $backUrl in <b>/www/wwwroot/bidku.com/forgot-password.php</b> on line <b>85</b><br />
      onclick="history.back()"
    >
    <svg xmlns="http://www.w3.org/2000/svg" class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
      <path stroke-linecap="round" stroke-linejoin="round" d="M15 19l-7-7 7-7" />
    </svg>
  </button>

  <h1 class="flex-grow text-center text-lg font-semibold text-white truncate">
    Page Title  </h1>
</header>

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
  <title>Forgot Password</title>
  <link href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css" rel="stylesheet">

  <style>
    .card {
      border: 1px solid transparent;
      border-radius: 8px;
      --internal-bg: #081914;
      background-image: linear-gradient(var(--internal-bg), var(--internal-bg)), linear-gradient(to right, #52cafb, #7bff62);
      background-origin: border-box;
      background-clip: padding-box, border-box;
    }
    .btn-accent {
      background-color: #02b352;
      color: #ffffff;
    }
    .btn-accent:hover {
      background-color: #029a47;
    }
    .link-accent {
      color: #7bff62;
    }
    .link-accent:hover {
      text-decoration: underline;
    }

    .max-w-600 {
      max-width: 600px;
    }
  </style>
</head>
<body class="min-h-screen flex justify-center bg-black">
  <div class="relative w-full max-w-600 mx-auto bg-cover bg-center min-h-screen flex flex-col justify-center" style="background-image:url('/assets/images/bg.jpg')">
    <button onclick="history.back()" class="absolute top-4 left-4 text-white p-2 rounded-full hover:bg-white/10 transition" aria-label="Go back">
      <svg xmlns="http://www.w3.org/2000/svg" class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
        <path stroke-linecap="round" stroke-linejoin="round" d="M15 19l-7-7 7-7" />
      </svg>
    </button>
    <div class="w-full max-w-600 bg-black/60 p-6 md:p-8 backdrop-blur-sm mx-auto">
      <h1 class="text-2xl font-semibold text-white mb-6 text-center">Forgot Your Password?</h1>
      <p class="text-gray-300 text-sm text-center mb-4">Enter your email address and we’ll send you a link to reset your password.</p>

      
      <form method="POST" class="space-y-4">
        <label for="email" class="block text-sm font-medium text-gray-300">Email address</label>
        <input type="email" id="email" name="email" required placeholder="you@example.com"
          class="w-full p-3 rounded-md bg-white text-gray-800 placeholder-gray-500 focus:outline-none focus:ring-2 focus:ring-green-500" />

        <button type="submit"
          class="w-full py-3 bg-green-600 hover:bg-green-700 text-white font-semibold rounded-md transition-colors duration-200">
          Send Reset Link
        </button>
      </form>

      <div class="mt-6 text-center text-sm text-gray-300">
        <a href="login.php" class="text-green-400 hover:text-green-500 underline transition">Back to Login</a>
      </div>
    </div>
  </div>
</body>
</html>