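  <body>

  <!--
    Password-reset form. The reset link carries the e-mail address and token in
    the query string. The action attribute is omitted so the form posts back to
    the current URL with that query string intact. The stray PHP_SELF echo that
    sat outside any attribute (and left the form tag unclosed) is removed.
    forgotpwdalert(), togglepassword() and confirmpwd() are defined outside this
    listing.
  -->
  <form id="forgotpwdreset" name="forgotpwdreset" method="post" onsubmit="forgotpwdalert()">

    <!--
      $email and $token come from the reset link, so they are attacker-controlled.
      They are HTML-escaped before being written into an attribute; unescaped, a
      crafted link could break out of value="..." and inject markup (reflected XSS).
    -->
    <input type="hidden" name="email" value="<?php echo htmlspecialchars(isset($email) && is_string($email) ? $email : '', ENT_QUOTES, 'UTF-8'); ?>">
    <input type="hidden" name="token" value="<?php echo htmlspecialchars(isset($token) && is_string($token) ? $token : '', ENT_QUOTES, 'UTF-8'); ?>">

    <p>Password must be at least 8 characters long and contain at least 1 number AND 1 capital letter.</p>

    <!--
      The pattern uses \d (a digit); the original "(?=.*d)" only required the
      letter "d". This check is a convenience for the user; the server must
      enforce the same policy, because the browser check can be bypassed.
    -->
    <p>
      <label for="newpassword">New Password:</label>
      <input required type="password" name="newpassword" id="newpassword" autocomplete="new-password" pattern="(?=.*\d)(?=.*[A-Z]).{8,}">
      <label><input type="checkbox" onclick="togglepassword()"> Show Password</label>
    </p>

    <p>
      <label for="newpassword2">Confirm Password:</label>
      <input required type="password" name="newpassword2" id="newpassword2" autocomplete="new-password" pattern="(?=.*\d)(?=.*[A-Z]).{8,}" onchange="confirmpwd()">
    </p>

    <p>
      <input type="submit" name="pwdresetsubmit" id="pwdresetsubmit" value="Reset Password" onclick="return confirmpwd()">
    </p>

  </form>
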
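  <?php

  // insert.php is expected to provide the mysqli connection $dbcon; it is not
  // shown in this listing. NOTE(review): $_SESSION is read below, so
  // session_start() must already have run somewhere before this point; confirm.
  include 'insert.php';

  if (isset($_SESSION['ondashsession'])) {

      // A logged-in user does not need the reset flow; greet them instead.
      $session = $_SESSION['ondashsession'];

      // Bound parameter instead of interpolating the value into the SQL text.
      $stmt = mysqli_prepare($dbcon, "SELECT firstname FROM ondash_idaccount WHERE ID = ?") or die("Error");
      mysqli_stmt_bind_param($stmt, "s", $session);
      mysqli_stmt_execute($stmt) or die("Error");
      mysqli_stmt_bind_result($stmt, $firstname);

      while (mysqli_stmt_fetch($stmt)) {
          // firstname is user-supplied data stored in the database; escape it on
          // output so a stored value cannot inject markup.
          echo "You are already logged in, " . htmlspecialchars((string) $firstname, ENT_QUOTES, 'UTF-8') . "." . "<br />";
      }
      mysqli_stmt_close($stmt);

  } elseif (isset($_POST['pwdresetsubmit'])) {

      // Everything read here is untrusted request data. is_string() rejects the
      // array form (e.g. token[]=...), which would otherwise reach the queries.
      $newpassword  = isset($_POST['newpassword'])  && is_string($_POST['newpassword'])  ? $_POST['newpassword']  : '';
      $newpassword2 = isset($_POST['newpassword2']) && is_string($_POST['newpassword2']) ? $_POST['newpassword2'] : '';

      // The key is REMOTE_ADDR (underscore). The original 'REMOTE ADDR' is not a
      // $_SERVER key, so the stored address was always empty.
      $ipaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

      // Grab token and email that came from the email link
      $token = isset($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : '';
      $email = isset($_GET['email']) && is_string($_GET['email']) ? $_GET['email'] : '';

      // Server-side copy of the policy stated on the form. The HTML pattern
      // attribute and confirmpwd() run in the browser and can be bypassed.
      $policyOk = $newpassword === $newpassword2
          && strlen($newpassword2) >= 8
          && preg_match('/\d/', $newpassword2) === 1
          && preg_match('/[A-Z]/', $newpassword2) === 1;

      $UsedToken = 'UsedToken';

      if ($token === '' || $email === '') {
          // No reset link parameters: nothing to do (the original was silent here too).
      } elseif (!$policyOk) {
          echo "Passwords must match and meet the password requirements." . "<br />";
      } else {

          // Look up the reset request with bound parameters. The original built
          // this query by string interpolation from $_GET, which is SQL injection.
          $lookup = mysqli_prepare($dbcon, "SELECT `used` FROM password_resets WHERE token = ? AND email = ?");

          if (!$lookup) {
              // Keep database detail in the server log, not in the response.
              error_log("Password reset: token lookup prepare failed: " . mysqli_error($dbcon));
              echo "SQL error";
          } else {
              mysqli_stmt_bind_param($lookup, "ss", $token, $email);
              mysqli_stmt_execute($lookup);
              mysqli_stmt_bind_result($lookup, $usedFlag);
              $tokenFound = mysqli_stmt_fetch($lookup) === true;
              mysqli_stmt_close($lookup);

              // Reject tokens already marked as used; without this check the
              // `used` column has no effect and a reset link stays valid forever.
              // NOTE(review): no expiry column is visible in this listing;
              // a time limit on tokens should be enforced here if one exists.
              if ($tokenFound && $usedFlag !== $UsedToken) {

                  // The e-mail is bound as a third parameter instead of being
                  // interpolated into the WHERE clause.
                  $sql2 = "UPDATE ondash_idaccount SET `password`=?, `ipaddress`=? WHERE `email`=?";
                  $stmt2 = mysqli_stmt_init($dbcon);

                  if (!mysqli_stmt_prepare($stmt2, $sql2)) {
                      error_log("Password reset: password update prepare failed: " . mysqli_error($dbcon));
                      echo "SQL error";
                  } else {
                      $hashedpassword = password_hash($newpassword2, PASSWORD_DEFAULT);

                      mysqli_stmt_bind_param($stmt2, "sss", $hashedpassword, $ipaddress, $email);
                      $updated = mysqli_stmt_execute($stmt2);
                      if (!$updated) {
                          error_log("Password reset: password update failed: " . mysqli_stmt_error($stmt2));
                      }
                      mysqli_stmt_close($stmt2);

                      if ($updated) {
                          // Mark the token as used. In the original this UPDATE was a
                          // bare string expression that was never sent to the database.
                          // NOTE(review): the two UPDATEs are not atomic; wrap them in
                          // a transaction if the storage engine supports it.
                          $stmt3 = mysqli_prepare($dbcon, "UPDATE password_resets SET `used`=?, `ipaddress`=? WHERE `token`=? AND `email`=?");
                          if ($stmt3) {
                              mysqli_stmt_bind_param($stmt3, "ssss", $UsedToken, $ipaddress, $token, $email);
                              if (!mysqli_stmt_execute($stmt3)) {
                                  error_log("Password reset: marking token used failed: " . mysqli_stmt_error($stmt3));
                              }
                              mysqli_stmt_close($stmt3);
                          } else {
                              error_log("Password reset: marking token used prepare failed: " . mysqli_error($dbcon));
                          }
                      }
                  }
              }
          }
      }
  }

  ?>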