Reset password

1. <?php
2.  
3. $db = mysqli_connect('localhost', 'root', '', 'recover');
4.  
5.  
6. if(isset($_GET['token']))
7. {
8. $token = mysqli_real_escape_string($db, $_GET['token']);
9. $query = "SELECT * FROM forgot_password WHERE token ='$token'";
10. $run = mysqli_query($db, $query);
11.  
12. if(mysqli_num_rows($run) > 0)
13. {
14. $row = mysqli_fetch_array($run);
15. $token = $row['token'];
16. $email = $row['email'];
17. }
18. else
19. {
20. header("location:login.php");
21. }
22. }
23.  
24. if(isset($_POST['btn_reset']))
25. {
26. $email = mysqli_real_escape_string($db, $_POST['email']);
27. $password = mysqli_real_escape_string($db, $_POST['password']);
28. $con_pass = mysqli_real_escape_string($db, $_POST['confirm_password']);
29.  
30. $options = ['cost'=>11];
31. $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
32.  
33. if($password != $con_pass)
34. {
35. $msg = "<div class='alert alert-danger'>Passwords do not match </div>";
36. }
37.  
38. elseif(strlen($password) < 8)
39. {
40. $msg = "<div class='alert alert-danger'>Password must be at least 8 characters </div>";
41. }
42. else
43. {
44. $query ="UPDATE register SET password = '$hashed' WHERE email='$email'";
45. mysqli_query($db, $query);
46. $query = "DELETE FROM forgot_password WHERE email = '$email'";
47. mysqli_query($db, $query);
48.  
49. $msg = "<div class='alert alert-success'>Password updated successfully </div>";
50. }
51. }
52.  
53. ?>
54. <!DOCTYPE html>
55. <html>
56. <head>
57. <title>Password </title>
58. <link rel="stylesheet" type="text/css" href="css/bootstrap.css">
59. <link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
60. <link rel="stylesheet" type="text/css" href="css/font-awesome.min.css">
61. <link rel="stylesheet" type="text/css" href="styles.css">
62. </head>
63. <body>
64.  
65. <div class="container" style="margin-top: 100px;">
66. <div class="row justify-content-center">
67. <div class="col-md-6 col-md-offset-3">
68. <h2>Reset Password</h2>
69. <form action="reset.php" method="POST">
70. <div class="form-group">
71. <label>Email</label>
72. <input type="email" name="email" value="<?php echo $email; ?>" class="form-control">
73. </div>
74.  
75. <div class="form-group">
76. <label>New Password</label>
77. <input type="password" name="password" class="form-control">
78. </div>
79. <div class="form-group">
80. <label>Confirm Password</label>
81. <input type="password" name="confirm_password" class="form-control">
82. </div>
83.  
84. <?php if (isset($msg)){ echo $msg; } ?>
85. <div class="form-group">
86. <button type="submit" name="btn_reset" class="btn btn-success">Reset Password</button>
87. </div>
88.  
89. </form>
90. </div>
91. </div>
92. </div>
93.  
94.  
95.  
96.  
97. <script type="text/javascript" src="js/bootstrap.js"></script>
98. <script type="text/javascript srcjs/bootstrap.min.css"></script>
99. </body>
100. </html>