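// ── STEP: Verify OTP that came via WhatsApp bot (no-WhatsApp user path) ────────
// Inputs: $_POST['action'|'phone'|'otp'|'new_password'|'confirm_password'] and $conn (mysqli,
// opened elsewhere). Outputs: $error on any failure, or $step = 'done' + $success once the
// customer's password has been replaced and the OTP row marked used.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'verify_wa_otp') {
    // A POST field may arrive as an array (e.g. phone[]=...); trim()/strlen() would throw on
    // that in PHP 8, so treat anything that is not a string as empty.
    $postStr = static fn (string $key): string => is_string($_POST[$key] ?? null) ? $_POST[$key] : '';

    $phone    = (string) preg_replace('/\D/', '', trim($postStr('phone'))); // digits only
    $otp      = trim($postStr('otp'));
    $newPass  = $postStr('new_password');
    $confPass = $postStr('confirm_password');

    if (strlen($phone) !== 10) {
        $error = 'Please enter a valid 10-digit mobile number.';
    } elseif (strlen($otp) !== 6 || !ctype_digit($otp)) {
        // The prompt promises a 6-digit code, so reject anything else up front. Previously only
        // the length was checked and the value went into SQL verbatim.
        // (If the bot ever issues alphanumeric codes, drop the ctype_digit() part.)
        $error = 'Please enter the 6-digit OTP.';
    } elseif (strlen($newPass) < 6) {
        $error = 'Password must be at least 6 characters.';
    } elseif ($newPass !== $confPass) {
        $error = 'Passwords do not match.';
    } else {
        // Look up an unused, unexpired OTP for this phone (rows are written by the WhatsApp bot).
        // All user-controlled values are bound, never interpolated into the query text.
        $otpId = null;
        $stmt = $conn->prepare(
            'SELECT id FROM wa_otps WHERE phone=? AND otp=? AND used=0'
            . ' AND created_at > DATE_SUB(NOW(), INTERVAL 15 MINUTE) ORDER BY id DESC LIMIT 1'
        );
        if ($stmt !== false) {
            $stmt->bind_param('ss', $phone, $otp);
            $stmt->execute();
            $stmt->bind_result($id);
            if ($stmt->fetch()) {
                $otpId = (int) $id;
            }
            $stmt->close();
        }

        // NOTE(review): nothing in this handler counts failed attempts; a 6-digit code that stays
        // valid for 15 minutes relies on rate limiting elsewhere (web server / bot) — confirm.
        if ($otpId === null) {
            $error = 'Invalid or expired OTP. Please request a new one via WhatsApp.';
        } else {
            $custId = null;
            $stmt = $conn->prepare('SELECT id FROM customers WHERE phone=? LIMIT 1');
            if ($stmt !== false) {
                $stmt->bind_param('s', $phone);
                $stmt->execute();
                $stmt->bind_result($id);
                if ($stmt->fetch()) {
                    $custId = (int) $id;
                }
                $stmt->close();
            }

            if ($custId === null) {
                $error = 'No account found.
Create one here.';
            } else {
                $hashed  = password_hash($newPass, PASSWORD_DEFAULT);
                $updated = false;
                $stmt = $conn->prepare('UPDATE customers SET password=? WHERE id=?');
                if ($stmt !== false) {
                    $stmt->bind_param('si', $hashed, $custId);
                    $updated = $stmt->execute();
                    $stmt->close();
                }

                if (!$updated) {
                    // Previously a failed UPDATE still reported success and burned the OTP.
                    $error = 'Could not update the password. Please try again.';
                } else {
                    // Mark the OTP used only after the password really changed, so a transient
                    // DB failure does not consume the code the user was sent.
                    $stmt = $conn->prepare('UPDATE wa_otps SET used=1 WHERE id=?');
                    if ($stmt !== false) {
                        $stmt->bind_param('i', $otpId);
                        $stmt->execute();
                        $stmt->close();
                    }
                    $step    = 'done';
                    $success = 'Password reset successfully!';
                }
            }
        }
    }
}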
🔐 Reset Password
Enter your mobile number to get an OTP
📵 Don't have WhatsApp?
Message us on WhatsApp from any phone and type RESET <your mobile number>
Example: RESET 9876543210
💬 Message us on WhatsApp
We'll reply with your OTP within minutes. Then enter it below.
← Back to Login