prepare("SELECT * FROM Users WHERE reset_token = ? AND reset_token_expires > NOW()");
$stmt->execute([$token]);
$user = $stmt->fetch();
if (!$user) {
$error = "Invalid or expired token.";
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $user) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
if ($password === $password_confirm) {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE Users SET password = ?, reset_token = NULL, reset_token_expires = NULL WHERE id = ?");
$stmt->execute([$hashed_password, $user['id']]);
$message = "Your password has been reset successfully. You can now login.";
} else {
$error = "Passwords do not match.";
}
}
?>