prepare("SELECT * FROM password_resets WHERE token = :token AND created_at > NOW() - INTERVAL 1 HOUR"); $stmt->bindParam(':token', $token); $stmt->execute(); $reset_request = $stmt->fetch(PDO::FETCH_ASSOC); if (!$reset_request) { $error = "Invalid or expired password reset token."; } else { $show_form = true; $email = $reset_request['email']; if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['password']) && isset($_POST['password_confirm'])) { $password = $_POST['password']; $password_confirm = $_POST['password_confirm']; if ($password !== $password_confirm) { $error = "Passwords do not match."; } else { // Update user's password $hashed_password = password_hash($password, PASSWORD_DEFAULT); $stmt = $db->prepare("UPDATE users SET password = :password WHERE email = :email"); $stmt->bindParam(':password', $hashed_password); $stmt->bindParam(':email', $email); $stmt->execute(); // Delete the reset token $stmt = $db->prepare("DELETE FROM password_resets WHERE email = :email"); $stmt->bindParam(':email', $email); $stmt->execute(); $message = "Your password has been reset successfully. You can now log in with your new password."; $show_form = false; } } } } include 'header.php'; ?>

Reset Password

Go to Login