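false, 'message' => 'Invalid request method.']);
    exit;
}

include "../../config/config.php";
include "../utils/get_location.php";

// Password-reset request handler: looks up the session's user, stores a
// one-time reset token and delivers the reset link via Telegram and/or e-mail.
// Every outcome after the username check returns the same JSON body, so the
// response text does not reveal whether an account exists.
// NOTE(review): the existing-user path performs a location lookup and up to
// two outbound HTTPS calls, so response *timing* can still distinguish
// accounts; consider queueing delivery or otherwise equalising both paths.

$username = $_SESSION["username"] ?? "";
if ($username === "") {
    echo json_encode(['success' => false, 'message' => 'Missing username.']);
    exit;
}

// Single source for the uniform reply used on every path below.
$generic_response = json_encode([
    'success' => true,
    'message' => 'If the account has reset methods configured, a reset link has been sent.',
]);

$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);

// Look up the account and its delivery channels with a bound parameter.
$mail = "";
$id = "";
$telegram_id = "";
$sql = "SELECT id, email, telegram_id FROM users WHERE username = ?;";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
mysqli_stmt_bind_result($stmt, $id, $mail, $telegram_id);
mysqli_stmt_fetch($stmt);
$user_found = mysqli_stmt_num_rows($stmt) === 1;
mysqli_stmt_close($stmt);

if (!$user_found) {
    echo $generic_response;
    exit;
}

// Request metadata shown to the account owner in the notification.
$device = $_SERVER['HTTP_USER_AGENT'] ?? "";

// X-Forwarded-For is a request header: unless a trusted reverse proxy
// overwrites it, the client chooses its value, so the IP and location in the
// notification can be spoofed. Accept the first entry only when it is a
// syntactically valid IP; otherwise fall back to the socket peer address.
// NOTE(review): if no proxy sits in front of this host, use REMOTE_ADDR only.
$remote_addr = $_SERVER["REMOTE_ADDR"] ?? "";
$forwarded_for = $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $remote_addr;
$ip = trim(explode(",", $forwarded_for)[0]);
if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
    $ip = $remote_addr;
}

$location = get_location_from_ip($ip);
$loc = ($location["country"] ?? "") . ", " . ($location["state"] ?? "") . ", " . ($location["city"] ?? "");
$date = date('Y-m-d H:i:s');

$token = bin2hex(random_bytes(128));
$link = "https://auth.jakach.ch/login/reset_pw.php?token=$token";

// Store the token BEFORE sending it anywhere, so a failed insert never
// results in a delivered link that cannot work.
// NOTE(review): the token is stored verbatim. Storing hash('sha256', $token)
// and comparing hashes in the page that consumes the token would keep a leaked
// reset_tokens table from yielding usable links; that needs a matching change
// in the consumer, so it is only flagged here.
$valid_until = time() + (12 * 60 * 60);
$sql = "INSERT INTO reset_tokens (auth_token, user_id,valid_until) VALUES (?,?,?);";
$stmt = mysqli_prepare($conn, $sql);
$token_stored = false;
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'sii', $token, $id, $valid_until);
    $token_stored = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
if (!$token_stored) {
    // Log server-side but keep the reply uniform (see the header comment).
    error_log('password reset: could not store reset token');
    echo $generic_response;
    exit;
}

// Send the Telegram message (only when the account has a chat id configured).
if (!empty($telegram_id)) {
    // User-Agent, username and location text are not trusted. In Telegram's
    // legacy "Markdown" parse mode the characters _ * ` [ start formatting or
    // links, so escape them to stop a crafted header from injecting links or
    // markup into a message that arrives from the trusted bot.
    $md = static function ($text) {
        return addcslashes((string) $text, '_*`[');
    };

    $message = "*Password reset token*\n\n"
        . "You have requested the reset of your password here is your reset link.\n\n"
        . "*Link*: [click here]($link)\n\n"
        . "*Details of this request:*\n"
        . "• *Date&Time*: $date\n"
        . "• *Device&Browser*: " . $md($device) . "\n"
        . "*Location*: " . $md($loc) . "\n"
        . "• *Account*: " . $md($username) . "\n"
        . "• *IP*: $ip\n\n"
        . "If this was you, you can reset your password. If this was not you somebody else tried to reset your password!\n"
        . "*Thank you for using Jakach login!*";

    // Telegram API URL (the bot credential is part of the path by API design).
    $url = "https://api.telegram.org/$TELEGRAM_BOT_API/sendMessage";
    $message_data = [
        'chat_id' => $telegram_id,
        'text' => $message,
        'parse_mode' => 'Markdown', // Use Markdown for formatting
    ];

    // POST the form fields instead of appending them to the URL, so the reset
    // link does not end up in the request line of any intermediate log.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($message_data));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // keep the response out of our output
    curl_exec($ch);
    curl_close($ch);
}

// Send the e-mail (only when the account has an address configured).
if (!empty($mail)) {
    // The body promises a link, so it has to carry $link; escape it for the
    // HTML attribute context even though the token itself is hex.
    $safe_link = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $content = '<p><a href="' . $safe_link . '">Use this link to reset your password.</a>'
        . ' The link is only valid for 12 hours.</p>';

    $message = [
        "personalizations" => [
            [
                "to" => [
                    ["email" => $mail],
                ],
            ],
        ],
        "from" => [
            "email" => $SENDGRID_MAIL,
        ],
        "subject" => "Jakach login password reset",
        "content" => [
            [
                "type" => "text/html",
                "value" => $content,
            ],
        ],
    ];

    $url = "https://api.sendgrid.com/v3/mail/send";

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        "Authorization: Bearer $SENDGRID_KEY",
        "Content-Type: application/json",
    ]);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($message));
    curl_exec($ch);
    curl_close($ch);
}

echo $generic_response;
?>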