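// NOTE(review): the page is cut off before this point. The opening tag, the
// setup that defines $pdo and $token, and the left-hand side of this call are
// not visible; the fragment is kept exactly as found.
prepare('SELECT id, username FROM users WHERE reset_token = ? AND reset_expires > NOW() LIMIT 1');

// Password-reset handler: look the token up, and on POST validate the new
// password, store its hash, consume the token and redirect to the login page.
//
// The token is bound as a parameter, never interpolated, and expired tokens are
// filtered out by the database clock.
// NOTE(review): the stored column is compared directly with $token. If $token is
// the raw value from the reset link, tokens sit in the table unhashed and a
// read-only database leak is enough to reset accounts. Confirm against the code
// that issues the token.
$stmt->execute([$token]);
$user = $stmt->fetch();

// No matching, unexpired row: flag it so the POST branch below is skipped.
if (!$user) {
    $token_invalid = true;
}

if (!isset($token_invalid) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $password = $_POST['password'] ?? '';
    $password_confirm = $_POST['password_confirm'] ?? '';

    // A request can send password[]=x, which PHP delivers as an array. strlen()
    // then throws a TypeError on PHP 8 instead of producing a validation error.
    // Treat any non-string field as empty so it fails the length check below.
    if (!is_string($password) || !is_string($password_confirm)) {
        $password = '';
        $password_confirm = '';
    }

    // strlen() counts bytes, not characters.
    // NOTE(review): bcrypt only uses the first 72 bytes of its input, so longer
    // passwords are silently truncated. Consider an upper bound, kept consistent
    // with whatever the registration and change-password forms enforce.
    if (strlen($password) < 8) {
        $errors[] = 'Password must be at least 8 characters.';
    }

    if ($password !== $password_confirm) {
        $errors[] = 'Passwords do not match.';
    }

    if (empty($errors)) {
        $hash = password_hash($password, PASSWORD_BCRYPT);

        // Clearing the token and its expiry in the same statement that sets the
        // new hash makes the link single-use.
        // NOTE(review): the UPDATE is keyed on id only, so two concurrent
        // submissions of one token can both pass the SELECT above. Adding the
        // token to the WHERE clause and checking the affected-row count would
        // close that window.
        $pdo->prepare('UPDATE users SET password_hash = ?, reset_token = NULL, reset_expires = NULL WHERE id = ?')
            ->execute([$hash, $user['id']]);

        // NOTE(review): nothing visible here ends the account's existing
        // sessions or persistent logins. Confirm that happens elsewhere, since
        // a reset is often a response to a suspected compromise.
        $success = true;

        // exit stops the rest of the page from rendering after the redirect header.
        header('Location: ' . BASE_URL . '/login?reset=1');
        exit;
    }
}
?>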