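prepare('SELECT id FROM users WHERE reset_token = ? AND reset_expires_at > NOW()');
$stmt->execute([$token]);
$user = $stmt->fetch();

// Password-reset handler: look up the account that owns an unexpired reset
// token, validate the submitted password pair, then store the new hash and
// consume the token.
//
// NOTE(review): the token is matched against the reset_token column as-is, so
// the table appears to hold the raw token. Storing only a hash of the token
// would limit what a read of the users table exposes. Confirm against the
// code that issues tokens.
// NOTE(review): nothing in this block ends the account's existing sessions
// after a successful reset. Confirm whether that is handled elsewhere.

if (!$user) {
    // Unknown and expired tokens share one message, so the response does not
    // reveal which of the two conditions failed.
    $error = 'The reset link is invalid or has expired. Please request a new one.';
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A form field sent as "password[]" arrives as an array; treat anything
    // that is not a string as missing instead of passing it to strlen().
    $password = $_POST['password'] ?? '';
    $password = is_string($password) ? $password : '';
    $confirm_password = $_POST['confirm_password'] ?? '';
    $confirm_password = is_string($confirm_password) ? $confirm_password : '';

    if (empty($password) || empty($confirm_password)) {
        $error = 'Please fill in both password fields.';
    } elseif ($password !== $confirm_password) {
        $error = 'Passwords do not match.';
    } elseif (strlen($password) < 8) {
        // strlen() counts bytes, so this is a minimum of 8 bytes.
        $error = 'Password must be at least 8 characters long.';
    } else {
        // PASSWORD_DEFAULT follows PHP's current default algorithm; when that
        // is bcrypt, input beyond 72 bytes does not contribute to the hash.
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);

        // Re-check the token and its expiry inside the UPDATE itself. The
        // SELECT above and this write are separate statements, so without
        // the extra conditions two requests carrying the same token could
        // both pass the lookup and both set a password, or the token could
        // expire between the two statements.
        $update = db()->prepare('UPDATE users SET password = ?, reset_token = NULL, reset_expires_at = NULL WHERE id = ? AND reset_token = ? AND reset_expires_at > NOW()');
        $update->execute([$hashed_password, $user['id'], $token]);

        if ($update->rowCount() > 0) {
            $success = 'Your password has been successfully reset. You can now log in with your new password.';
        } else {
            // The token was consumed or expired after the lookup; nothing was changed.
            $error = 'The reset link is invalid or has expired. Please request a new one.';
        }
    }
}
?>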