NOW() AND active = 1',
['t' => hash('sha256', $token)]
) : null;
if (!$admin) {
$error = 'This reset link is invalid or has expired. Please request a new one.';
}
if ($admin && $_SERVER['REQUEST_METHOD'] === 'POST') {
csrf_verify();
$pw1 = (string)($_POST['password'] ?? '');
$pw2 = (string)($_POST['password2'] ?? '');
if (strlen($pw1) < 8) {
$error = 'Password must be at least 8 characters.';
} elseif ($pw1 !== $pw2) {
$error = 'Passwords do not match.';
} else {
$consumed = auth_admin_consume_reset_token($token);
if ($consumed) {
auth_admin_set_password((int)$consumed['id'], $pw1);
app_log("Admin password reset completed for: {$consumed['email']}");
$done = true;
} else {
$error = 'Could not complete the reset. Please request a new link.';
}
}
}
?>
Set new password — Admin
Set New Password
Password updated. You can now sign in with your new password.
