backend/src/routes/admin.js

@@ -50,12 +50,9 @@ router.post('/generate-reset-token', verifyToken, requireAdmin, asyncHandler(asy
     [userId, token, req.user.userId, expiresAt]
   );
 
-  // Generate reset URL
-  const resetUrl = `${process.env.FRONTEND_URL || 'http://localhost:5173'}/reset-password/${token}`;
-
   res.json({
     success: true,
-    resetUrl,
+    token,
     user: {
       id: user.id,
       username: user.username,

frontend/src/pages/Admin.jsx

@@ -40,8 +40,10 @@ function Admin() {
   const handleGenerateResetToken = async (userId) => {
     try {
       const data = await api.generateResetToken(userId);
+      // Build URL using current domain (works in dev and prod)
+      const resetUrl = `${window.location.origin}/reset-password/${data.token}`;
       setGeneratedUrl({
-        url: data.resetUrl,
+        url: resetUrl,
         user: data.user,
         expiresAt: data.expiresAt
       });