From bc54c8c31e7f50a7a365f9b4d22fe8c74a29f61a Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Sat, 21 Mar 2026 21:35:51 +0100
Subject: Add user authentication with email verification and password reset

Implements registration, login/logout, email verification via token,
and password reset flow. Includes CSRF protection, flash messages,
MailPit for dev email testing, and security docs in README.
---
 src/app/Mail.php | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 src/app/Mail.php

(limited to 'src/app/Mail.php')

diff --git a/src/app/Mail.php b/src/app/Mail.php
new file mode 100644
index 0000000..054c6e0
--- /dev/null
+++ b/src/app/Mail.php
@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+// Sends emails using PHP's built-in mail() function.
+// In Docker, msmtp is configured as the sendmail transport.
+
+namespace App;
+
+class Mail
+{
+    public static function send(string $to, string $subject, string $body): bool
+    {
+        $from = getenv('MAIL_FROM') ?: 'noreply@camagru.local';
+        $headers = "From: $from\r\n";
+        $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
+
+        return mail($to, $subject, $body, $headers);
+    }
+
+    public static function sendVerification(string $to, string $token): bool
+    {
+        $url = getenv('APP_URL') . '/verify?token=' . urlencode($token);
+        $subject = 'Camagru — Verify your email';
+        $body = '<p>Click the link below to verify your email address:</p>'
+              . '<p><a href="' . htmlspecialchars($url) . '">' . htmlspecialchars($url) . '</a></p>'
+              . '<p>If you did not create an account, ignore this email.</p>';
+
+        return self::send($to, $subject, $body);
+    }
+
+    public static function sendPasswordReset(string $to, string $token): bool
+    {
+        $url = getenv('APP_URL') . '/reset-password?token=' . urlencode($token);
+        $subject = 'Camagru — Reset your password';
+        $body = '<p>Click the link below to reset your password:</p>'
+              . '<p><a href="' . htmlspecialchars($url) . '">' . htmlspecialchars($url) . '</a></p>'
+              . '<p>This link expires in 1 hour.</p>'
+              . '<p>If you did not request a password reset, ignore this email.</p>';
+
+        return self::send($to, $subject, $body);
+    }
+}
-- 
cgit v1.2.3