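prepare("SELECT * FROM password_resets WHERE token = ?");
            // NOTE(review): this listing starts mid-statement. The receiver of prepare() and the
            // openings of the enclosing try/if blocks are outside the visible code, so the three
            // unmatched closing braces further down belong to blocks opened earlier.
            //
            // Flow: look up the submitted reset token, check that it has not expired, store a
            // fresh password hash for the matching account, delete that account's reset rows,
            // then redirect to the login page. Any failure falls through to the error redirect.
            $stmt->execute([$token]);
            $reset_request = $stmt->fetch();

            // NOTE(review): the token is matched verbatim, so the table presumably stores it
            // unhashed. Storing only a hash of the token would limit exposure if the table leaks.
            // 'expires' is presumably a Unix timestamp (it is compared with date("U")) - confirm.
            if ($reset_request && $reset_request['expires'] >= date("U")) {
                $email = $reset_request['email'];

                // NOTE(review): no length/strength or confirmation check on $password is visible
                // in this fragment - confirm it is validated before this point.
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);

                $stmt = $pdo->prepare("UPDATE users SET password = ? WHERE email = ?");
                $stmt->execute([$hashed_password, $email]);

                // Delete the used token (every reset row for this address) so it cannot be replayed.
                // NOTE(review): UPDATE and DELETE are separate statements; if the DELETE fails the
                // token stays usable until it expires. A transaction would make the pair atomic.
                $stmt = $pdo->prepare("DELETE FROM password_resets WHERE email = ?");
                $stmt->execute([$email]);

                $_SESSION['message'] = 'Your password has been successfully reset. Please log in with your new password.';
                $_SESSION['message_type'] = 'success';
                header("Location: login.php");
                exit;
            } else {
                // One message for both "unknown" and "expired" so the response does not reveal
                // which tokens exist.
                $error = "Invalid or expired password reset token.";
            }
        } catch (PDOException $e) {
            // Keep driver detail in the server log only. $error is copied into the session below,
            // presumably for display on the reset form, so it must not carry the exception text
            // (which can expose table names, queries or connection details).
            error_log("Database error: " . $e->getMessage());
            $error = "A database error occurred. Please try again later.";
        }
    }

    // If there was an error, redirect back to the reset form with the token
    $_SESSION['error'] = $error;
    header("Location: reset_password_form.php?token=" . urlencode($token));
    exit;
}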