$msg = "";

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $new_pass = $_POST['new_password'];
    $confirm_pass = $_POST['confirm_password'];

    // Check admin exists
    $stmt = $conn->prepare("SELECT id FROM admins WHERE username=? AND role='admin'");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows == 1) {
        if ($new_pass === $confirm_pass) {
            $new_hash = password_hash($new_pass, PASSWORD_BCRYPT);
            $stmt->bind_result($admin_id);
            $stmt->fetch();
            $update = $conn->prepare("UPDATE admins SET password=? WHERE id=?");
            $update->bind_param("si", $new_hash, $admin_id);
            if ($update->execute()) {
                $msg = "<span style='color:green;'>✅ Password reset successfully!</span> <a href='login.php'>Login Now</a>";
            } else {
                $msg = "<span style='color:red;'>❌ Failed to reset password.</span>";
            }
            $update->close();
        } else {
            $msg = "<span style='color:red;'>❌ Passwords do not match.</span>";
        }
    } else {
        $msg = "<span style='color:red;'>❌ Username not found or not an admin.</span>";
    }
    $stmt->close();
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Forgot Admin Password</title>
    <style>
        body { font-family: 'Segoe UI', sans-serif; background: #f4f8fb; padding: 30px; }
        .container { background: #fff; max-width: 400px; margin: auto; padding: 30px; border-radius: 10px; box-shadow: 0 0 12px rgba(0,0,0,0.12);}
        input[type=text], input[type=password] { width: 100%; padding: 8px; border: 1px solid #ccc; border-radius: 4px; margin-top: 10px; }
        input[type=submit] { margin-top: 15px; padding: 10px 16px; background: #007bff; color: #fff; border: none; border-radius: 4px; cursor: pointer;}
        input[type=submit]:hover { background: #0056b3;}
        .msg { margin-top: 20px; }
    </style>
</head>
<body>
<div class="container">
    <h2>Forgot Password</h2>
    <form method="POST">
        <input type="text" name="username" placeholder="Admin Username" required>
        <input type="password" name="new_password" placeholder="New Password" required>
        <input type="password" name="confirm_password" placeholder="Confirm New Password" required>
        <input type="submit" value="Reset Password">
    </form>
    <div class="msg"></div>
    <a href="login.php" style="color:#007bff; display:block; margin-top:20px;">⬅️ Back to Login</a>
</div>
</body>
</html>