<?php if (isset($_POST['submit_pass'])) { $new_pass = mysqli_real_escape_string($db, $_POST['new_pass']); $new_pass_c = mysqli_real_escape_string($db, $_POST['new_pass_c']); $token =$_SESSION['token']); if (empty($new_pass) || empty($new_pass_c)) {array_push($errors, "Password is required");} if ($new_pass !== $new_pass_c) {array_push($errors, "Password do not match");} if (count($errors) == 0) { $sql = "SELECT * FROM password_resets WHERE token='$token' LIMIT 1"; $results = mysqli_query($db, $sql) or trigger_error( "Query Failed!". mysqli_error($db)); $email = mysqli_fetch_assoc($results)['username']; if ($email) { $new_pass = md5($new_pass); $sql = "UPDATE tutor SET password='$new_pass' WHERE tutor_username='$email'"; $results = mysqli_query($db, $sql) or trigger_error( "Query Failed!". mysqli_error($db)); header('location: ../st_login.php'); } } } ?>
$_SESSION
$_GET
$_REQUEST
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)