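<?php
/**
 * public/processa_esqueci_senha.php
 *
 * Handles the "forgot password" form submission.
 *  - Accepts an e-mail address or a CPF as the login identifier.
 *  - Creates a reset token valid for one hour; only its SHA-256 hash is
 *    stored in `password_resets`, the raw token travels in the e-mailed link.
 *  - Sends the link by e-mail through the Hostinger SMTP service (PHPMailer).
 *  - Always answers with the same generic flash message, whether or not the
 *    account exists and whether or not the e-mail could be sent.
 *
 * NOTE(review): the generic message hides account existence in the response
 * body only. The SMTP round trip happens just for existing accounts, so
 * response time can still differ; consider queueing the e-mail and adding
 * per-IP / per-account rate limiting for this endpoint.
 */

session_start();
require_once __DIR__ . '/../admin/conexao.php';

/* Errors go to the server log, never to the HTTP response: a rendered
   warning or stack trace on this page would expose paths and SQL. */
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

/* ======================== SMTP CONFIG (edit here) ======================== */
const SMTP_HOST   = 'smtp.hostinger.com';
const SMTP_PORT   = 465;                        // 465 (SSL) recommended
const SMTP_SECURE = 'ssl';                      // 'ssl' (465) or 'tls' (587)
const SMTP_USER   = 'contato@borabilhete.com';  // Hostinger mailbox
const FROM_NAME   = 'Bora Bilhete';

/* The mailbox password is read from the environment instead of being written
   in this file. The value that used to be hard-coded here has been readable
   by anyone with access to the source and must be rotated. */
define('SMTP_PASS', (string) (getenv('SMTP_PASS') ?: ''));
/* ========================================================================= */

/* ===================== RESET LINK HOST (edit here) ======================== */
/* The Host header is client-controlled. Building the reset link from it
   unchecked lets a forged request make the victim's e-mail point at another
   host, which would then receive the raw token. Only allow-listed hosts are
   used; anything else falls back to the canonical host. Add every hostname
   (including "host:port" for local development) this site is served on. */
const CANONICAL_HOST = 'borabilhete.com';
const ALLOWED_HOSTS  = ['borabilhete.com', 'localhost'];
/* ========================================================================= */

/* Keeps only the digits of a value (used to normalise a CPF). */
$toDigits = fn($s) => preg_replace('/\D+/', '', (string)$s);

/**
 * Stores a flash message in the session, redirects back to the form and
 * terminates the request.
 *
 * @param string $msg Message shown on esqueci_senha.php.
 */
function flash_and_back($msg){
    $_SESSION['reset_flash'] = $msg;
    header('Location: esqueci_senha.php');
    exit;
}

/**
 * Redirects back with the single generic message used for every outcome,
 * so the response text does not reveal whether the account exists.
 */
function flash_generic(){
    flash_and_back('Se o e-mail/CPF estiver cadastrado, enviaremos um link para redefinição.');
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: esqueci_senha.php');
    exit;
}

/* `login[]=x` arrives as an array; trim() on it would raise a TypeError. */
$rawLogin = $_POST['login'] ?? '';
$login    = is_string($rawLogin) ? trim($rawLogin) : '';
if ($login === '') {
    flash_generic();
}

/* Prepares a statement and turns a `false` return (mysqli without exception
   mode) into an exception, so every database failure is handled in one place. */
$prepare = static function (string $sql) use ($conn) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new \RuntimeException('prepare() failed: ' . $conn->error);
    }
    return $stmt;
};

try {
    /* Locate the customer */
    $isEmail = filter_var($login, FILTER_VALIDATE_EMAIL) || str_contains($login, '@');

    if ($isEmail) {
        $st = $prepare("SELECT id, email, nome FROM clientes WHERE LOWER(email)=LOWER(?) LIMIT 1");
        $st->bind_param('s', $login);
    } else {
        $cpf = $toDigits($login);
        if ($cpf === '') {
            flash_generic();
        }
        $st = $prepare("
            SELECT id, email, nome
            FROM clientes
            WHERE REPLACE(REPLACE(REPLACE(cpf, '.', ''), '-', ''), ' ', '') = ?
            LIMIT 1
        ");
        $st->bind_param('s', $cpf);
    }

    $st->execute();
    $res = $st->get_result();
    $cli = $res ? $res->fetch_assoc() : null;
    $st->close();

    if (!$cli || empty($cli['email'])) {
        flash_generic();
    }

    /* Reset table.
       NOTE(review): this DDL runs on every request and requires the web
       application's database user to hold CREATE privileges; moving it to a
       one-off migration would let that account run with fewer rights. */
    $conn->query("
        CREATE TABLE IF NOT EXISTS `password_resets` (
          `id` INT(11) NOT NULL AUTO_INCREMENT,
          `cliente_id` INT(11) NOT NULL,
          `token` VARCHAR(64) NOT NULL, -- guardamos SHA-256 (hex 64)
          `expires_at` DATETIME NOT NULL,
          `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
          PRIMARY KEY (`id`),
          UNIQUE KEY `uniq_token` (`token`),
          KEY `idx_cliente` (`cliente_id`),
          CONSTRAINT `fk_password_resets_clientes`
            FOREIGN KEY (`cliente_id`) REFERENCES `clientes`(`id`) ON DELETE CASCADE
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
    ");

    /* Generate the raw token and persist only its hash, so a leak of the
       table does not yield usable reset links. */
    $rawToken  = bin2hex(random_bytes(32));   // shown in the URL
    $tokenHash = hash('sha256', $rawToken);   // stored in the database
    // NOTE(review): expiry is computed with PHP's clock while the cleanup
    // below uses MySQL NOW(); confirm both run in the same time zone.
    $expiresAt = (new DateTimeImmutable('+1 hour'))->format('Y-m-d H:i:s');
    $clienteId = (int)$cli['id'];

    /* Remove this customer's previous tokens and any expired ones, so at most
       one valid link exists per account. */
    $st = $prepare("DELETE FROM password_resets WHERE cliente_id=? OR expires_at < NOW()");
    $st->bind_param('i', $clienteId);
    $st->execute();
    $st->close();

    /* Insert the new token */
    $st = $prepare("INSERT INTO password_resets (cliente_id, token, expires_at) VALUES (?,?,?)");
    $st->bind_param('iss', $clienteId, $tokenHash, $expiresAt);
    if (!$st->execute()) {
        error_log('Password reset: token insert failed: ' . $st->error);
        $st->close();
        flash_generic();
    }
    $st->close();
} catch (\RuntimeException $e) {
    /* mysqli_sql_exception extends RuntimeException. Details go to the log;
       the visitor gets the same generic answer as in every other case. */
    error_log('Password reset: database error: ' . $e->getMessage());
    flash_generic();
}

/* Build the absolute link. The host comes from the allow-list above, never
   directly from the request. */
$scheme      = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$requestHost = strtolower((string) ($_SERVER['HTTP_HOST'] ?? ''));
$host        = in_array($requestHost, ALLOWED_HOSTS, true) ? $requestHost : CANONICAL_HOST;
$base        = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'); // /portal_ingressos/public
$link        = $scheme . '://' . $host . $base . '/redefinir_senha.php?token=' . urlencode($rawToken);

/* Composer autoload */
$autoloads = [
    __DIR__ . '/../vendor/autoload.php',
    __DIR__ . '/../../vendor/autoload.php'
];
$autoload = null;
foreach ($autoloads as $p) {
    if (file_exists($p)) {
        $autoload = $p;
        break;
    }
}
if (!$autoload) {
    error_log('Password reset: Composer autoload not found; e-mail not sent.');
    flash_generic();
}
require_once $autoload;

if (SMTP_PASS === '') {
    error_log('Password reset: SMTP_PASS is not set in the environment; e-mail not sent.');
    flash_generic();
}

/* HTML-escapes a value for element content and quoted attributes. */
$esc = static fn($s) => htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

/* Uses the FQCN to avoid a 'use' statement in the middle of the file */
try {
    $mail = new \PHPMailer\PHPMailer\PHPMailer(true);
    $mail->CharSet = 'UTF-8';

    $mail->isSMTP();
    $mail->Host     = SMTP_HOST;
    $mail->SMTPAuth = true;
    $mail->Username = SMTP_USER;
    $mail->Password = SMTP_PASS;

    if (SMTP_SECURE === 'ssl') {
        $mail->SMTPSecure = \PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_SMTPS;    // 465
        $mail->Port       = SMTP_PORT ?: 465;
    } else {
        $mail->SMTPSecure = \PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_STARTTLS; // 587
        $mail->Port       = SMTP_PORT ?: 587;
    }

    $mail->setFrom(SMTP_USER, FROM_NAME);
    $mail->addAddress($cli['email'], $cli['nome'] ?? '');

    $mail->isHTML(true);
    $mail->Subject = 'Redefinição de senha - Bora Bilhete';

    $body  = '<div style="font-family:Arial,Helvetica,sans-serif;max-width:560px;margin:auto;padding:16px">';
    $body .= '<h2 style="margin:0 0 12px 0;color:#111">Redefinição de senha</h2>';
    $body .= '<p>Olá' . (!empty($cli['nome']) ? ', <strong>'.$esc($cli['nome']).'</strong>' : '') . '.</p>';
    $body .= '<p>Para redefinir sua senha, clique no botão abaixo:</p>';
    $body .= '<p style="margin:18px 0"><a href="'.$esc($link).'" ';
    $body .= 'style="background:#f71a63;color:#fff;text-decoration:none;padding:12px 18px;border-radius:6px;display:inline-block">';
    $body .= 'Redefinir minha senha</a></p>';
    $body .= '<p style="font-size:13px;color:#555">Este link expira em 1 hora. Se você não solicitou, ignore.</p>';
    $body .= '<p style="margin-top:28px;font-size:12px;color:#888">URL alternativa:<br>';
    $body .= '<a href="'.$esc($link).'">'.$esc($link).'</a></p>';
    $body .= '</div>';

    $mail->Body    = $body;
    $mail->AltBody = "Redefinição de senha\n\nAcesse o link (expira em 1 hora):\n$link";

    $mail->send();

    flash_generic();
} catch (\Exception $e) {
    /* Delivery failures are logged for operators; the visitor still receives
       the generic message so the outcome is not observable. */
    error_log('Mailer error: '.$e->getMessage());
    flash_generic();
}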