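prepare(
    "SELECT * FROM pending_registrations WHERE token=? AND username='__reset__' AND expires_at > NOW()"
);
    $stmt->execute([$token]);
    $pending = $stmt->fetch();
}

/*
 * POST handler for the password-reset form.
 *
 * Reads from the form:  token, password, confirm.
 * Sets for the template: $error (string) on any failure, $success (true) on
 * a completed reset, and $pending (the reset row, or a falsy value once the
 * link can no longer be used).
 *
 * The reset token is a bearer secret: whoever presents it may set the
 * password for the e-mail address stored in the row, so it must work once
 * and only while it has not expired.
 */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token    = trim($_POST['token'] ?? '');
    $password = $_POST['password'] ?? '';
    $confirm  = $_POST['confirm'] ?? '';

    // Re-fetch pending row inside POST to prevent token reuse after expiry
    $stmt = db()->prepare(
        "SELECT * FROM pending_registrations WHERE token=? AND username='__reset__' AND expires_at > NOW()"
    );
    $stmt->execute([$token]);
    $pending = $stmt->fetch();

    if (!$pending) {
        $error = 'This reset link has expired or already been used. Please request a new one.';
    } elseif (strlen($password) < 6) {
        // NOTE(review): a 6-character floor is weak; common guidance puts the
        // minimum at 8 or more. Raising it also means changing this message.
        // bcrypt only uses the first 72 bytes of the password, so very long
        // passphrases are silently truncated by password_hash().
        $error = 'Password must be at least 6 characters.';
    } elseif ($password !== $confirm) {
        $error = 'Passwords do not match.';
    } else {
        // Consume the token BEFORE touching the account. The DELETE is a
        // single statement, so of several concurrent submissions carrying the
        // same token only one can remove the row; the others see rowCount() 0
        // and are rejected. (Previously the row was read, the password was
        // written, and only then was the token removed.)
        // Assumes db() returns a PDO handle (prepare/execute/fetch match) — confirm.
        $consume = db()->prepare(
            "DELETE FROM pending_registrations WHERE token=? AND username='__reset__' AND expires_at > NOW()"
        );
        $consume->execute([$token]);

        if ($consume->rowCount() !== 1) {
            $error = 'This reset link has expired or already been used. Please request a new one.';
            $pending = null;
        } else {
            // Cost 8 was below PHP's own bcrypt default; a lower cost makes
            // every stored hash cheaper to brute-force if the users table leaks.
            $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

            $updated = db()->prepare("UPDATE users SET password=? WHERE email=?")
                ->execute([$hash, $pending['email']]);

            if (!$updated) {
                // Only reachable when the driver reports errors by return value
                // rather than by exception. The token is already spent, so the
                // user has to request a fresh link.
                $error = 'Could not update your password. Please request a new reset link.';
                $pending = null;
            } else {
                // A completed reset invalidates every other outstanding reset
                // link for the same address, so an older e-mail cannot be used
                // to change the password again.
                db()->prepare("DELETE FROM pending_registrations WHERE email=? AND username='__reset__'")
                    ->execute([$pending['email']]);

                $success = true;
                $pending = null;
            }
        }
    }
}
?> <?= SITE_NAME ?> — Reset Password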
Password Updated!

Your password has been reset successfully. You can now log in with your new password.

BACK TO LOGIN
Invalid Link

This password reset link is invalid or has expired.
Please request a new one from the app.

BACK TO HOME
Reset Password

Enter a new password for your account.