prepare(" SELECT id, company_name, email, account_status FROM clients WHERE LOWER(email) = LOWER(?) "); $stmt->execute([$email]); $client = $stmt->fetch(); // Always show success to prevent email enumeration if ($client && $client['account_status'] !== 'suspended') { // Invalidate any existing unused tokens for this client $pdo->prepare(" UPDATE password_reset_tokens SET used = 1 WHERE client_id = ? AND used = 0 ")->execute([$client['id']]); $token = bin2hex(random_bytes(32)); $expires = date('Y-m-d H:i:s', strtotime('+2 hours')); $pdo->prepare(" INSERT INTO password_reset_tokens (client_id, email, token, expires_at) VALUES (?, ?, ?, ?) ")->execute([$client['id'], $client['email'], $token, $expires]); $resetLink = 'https://relevantreflex.com/clients/reset-password.php?token=' . $token; $name = htmlspecialchars($client['company_name']); $emailBody = "

Relevant Reflex — Client Portal

Dear {$name},

We received a request to reset the password for your client portal account. Click the button below to set a new password:

Reset My Password

Or copy this link into your browser:
{$resetLink}

⏱ This link expires in 2 hours. If you did not request this, you can safely ignore this email — your password will not change.

"; sendClientEmail($client['email'], 'Reset Your Client Portal Password — Relevant Reflex', $emailBody); logClientActivity('Password reset requested', ['client_id' => $client['id'], 'email' => $client['email']]); } $success = true; } catch (Exception $e) { logClientActivity('Forgot password error', ['error' => $e->getMessage()]); $errors[] = 'An error occurred. Please try again.'; } } } ?> Forgot Password — Relevant Reflex Client Portal

Relevant Reflex

Client Portal

✉

Check Your Email

If that email address is registered, a password reset link has been sent. Please check your inbox (and spam folder).

The link expires in 2 hours.

← Back to Login

🔒

Forgot Your Password?

Enter your registered email address and we'll send you a link to reset your password.

'; ?>

← Back to Login