NOW() LIMIT 1',
['t' => $hashed]
);
if (!$row) {
$error = 'This reset link has expired or already been used. Request a new one below.';
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
csrf_verify();
$pw = $_POST['password'] ?? '';
$pw2 = $_POST['password_confirm'] ?? '';
if (strlen($pw) < 8) {
$error = 'Password must be at least 8 characters.';
} elseif ($pw !== $pw2) {
$error = 'The two passwords don\'t match.';
} else {
$member = auth_consume_reset_token($token);
if (!$member) {
$error = 'This reset link is no longer valid. Request a new one.';
} else {
auth_set_password((int)$member['id'], $pw);
header('Location: login.php?reset=1');
exit;
}
}
}
require 'includes/header.php';
?>
Set a new password
Pick something secure — you'll use this to sign in from now on.