false, 'message' => 'Hanya POST']); exit; } $email = trim($_POST['email'] ?? ''); if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) { echo json_encode(['success' => false, 'message' => 'Email tidak valid']); exit; } // Cek apakah email terdaftar $stmt = $conn->prepare("SELECT id, nama FROM users WHERE email = ? AND status = 'approved'"); $stmt->bind_param("s", $email); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows === 0) { // Jangan reveal apakah email terdaftar atau tidak (keamanan) echo json_encode(['success' => true, 'message' => 'Permintaan reset password Anda telah dikirim ke Admin.']); $stmt->close(); $conn->close(); exit; } $user = $result->fetch_assoc(); $stmt->close(); // Cek apakah sudah ada request pending $stmt2 = $conn->prepare("SELECT id FROM password_resets WHERE user_id = ? AND status = 'pending'"); $stmt2->bind_param("i", $user['id']); $stmt2->execute(); if ($stmt2->get_result()->num_rows > 0) { echo json_encode(['success' => true, 'message' => 'Permintaan reset sudah dikirim sebelumnya. Harap tunggu Admin memproses.']); $stmt2->close(); $conn->close(); exit; } $stmt2->close(); // Simpan request reset $stmt3 = $conn->prepare("INSERT INTO password_resets (user_id, email) VALUES (?, ?)"); $stmt3->bind_param("is", $user['id'], $email); if ($stmt3->execute()) { echo json_encode(['success' => true, 'message' => 'Permintaan reset password telah dikirim ke Admin. Harap tunggu konfirmasi.']); } else { echo json_encode(['success' => false, 'message' => 'Gagal mengirim permintaan: ' . $conn->error]); } $stmt3->close(); $conn->close();