request_method === 'GET') { } elseif ($API_resetpassword->request_method === 'POST') { # Reset a users password and send a email to the user to set a new password $API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW'); # The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email $random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64)); $user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]); $API_resetpassword->postedData['user_password'] = $user_password; # Password reset token that will be send to the user $API_resetpassword->postedData['user_password_reset_token'] = bin2hex(random_bytes(32)); $API_resetpassword->postedData['user_password_reset_expires'] = time() + 86400; $requiredFields = [ 'user_uuid' => ['type' => 'uuid'], 'user_password' => ['type' => 'string'], 'user_password_reset_token' => ['type' => 'string'], 'user_password_reset_expires' => ['type' => 'int'], ]; $API_resetpassword->validateData($requiredFields); $API_resetpassword->resetPassword(); $API_users = new API_users(); $_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_resetpassword->data['user_uuid']]]]; $user_data = $API_users->getUser()[0]; # Sending an email to the user $host = $_SERVER['HTTP_HOST']; $verifyLink = "https://{$host}/login/verifyEmail.php?token={$API_resetpassword->data['user_password_reset_token']}"; $mail = new mailBuilder(); $mail->subject = "Hello " . $user_data['user_full_name'] . ", Here’s Your Password Reset Link"; $mail->addAddress($user_data['user_email'], $user_data['user_first_name']); $mail->mailText = ' Hello ' . $user_data['user_first_name'] . ',

We received a request to reset the password for your account. As a security measure, your password has been reset.

To set a new password of your choice, click the text below:
Reset Password

Or copy and paste the following link into your browser:
' . $verifyLink . '

This link is valid for 24 hours from the time of this request.

If you did not request this, you can safely ignore this email. No further action is required, and your account remains secure.

Best regards,

The Sentri gnomes '; $mail->sendMail(); $API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']); } elseif ($API_resetpassword->request_method === 'PUT') { } elseif ($API_resetpassword->request_method === 'DELETE') { }