| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/itms.arukustech.com/public/api/ |
Upload File : |
<?php
// DEBUG ENABLED
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once __DIR__ . '/../../app/db.php';
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header("Location: /login.php");
exit;
}
$token = $_POST['token'] ?? '';
$password = $_POST['password'] ?? '';
if ($token === '' || $password === '') {
header("Location: /reset.php?token=$token&msg=Invalid request");
exit;
}
$pdo = db();
/* Validate token (15 min expiry) */
$st = $pdo->prepare("
SELECT * FROM password_resets
WHERE token = ?
AND created_at >= NOW() - INTERVAL 15 MINUTE
");
$st->execute([$token]);
$row = $st->fetch(PDO::FETCH_ASSOC);
if (!$row) {
die("Invalid or expired reset link.");
}
/* Hash password */
$hashed = password_hash($password, PASSWORD_DEFAULT);
/* Update password */
$pdo->prepare("
UPDATE users SET password=? WHERE email=?
")->execute([$hashed, $row['email']]);
/* Delete token */
$pdo->prepare("
DELETE FROM password_resets WHERE token=?
")->execute([$token]);
header("Location: /login.php?msg=Password reset successful");
exit;