I am trying to create a link that is sent to the user so that I can reset the password:
I have the following code that sends the code to the user:
<?php
include("config.php");
if(isset($_POST['submit_email']) && $_POST['email'])
{
$email = mysqli_real_escape_string($conn, $_POST['email']);
$sql = "SELECT * FROM registo WHERE email = '$email'";
$r = mysqli_query($conn, $sql);
$count = mysqli_num_rows($r);
if($count == 1){
$res = mysqli_fetch_assoc($r);
$email=password_hash($res['email'],PASSWORD_DEFAULT);
$pass=password_hash($res['password'],PASSWORD_DEFAULT);
$link="<a href='http:****.php?key=".$email."&reset=".$pass."'>Click To Reset password</a>";
$to = $res['email'];
$subject = 'Reset Password';
$message = 'Click On This Link to Reset Password '.$link;
$headers = 'From: Galaxy books shop <**@gmail.com>' . "\r\n" .
'Reply-To: **@mail.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
// Send email
if(mail($to, $subject, $message, $headers)){
echo "Your reset link has been sent to your email ";
}else{
echo "Failed to Recover your password, try again";
}
}else{
echo "User name does not exist";
}
}
?>
And then I have the code that supposedly should cause the user to create a new pass:
<?php
include("config.php");
if($_GET['key'] && $_GET['reset'])
{
$email=password_hash($_GET['key'],PASSWORD_DEFAULT);
$pass=password_hash($_GET['reset'],PASSWORD_DEFAULT);
$sql=mysqli_query($conn,"SELECT email, password FROM registo where email='$email' and password='$pass'");
$count = mysqli_num_rows($sql);
if($count==1)
{
?>
<html>
<form method="post" action="update_newpassword.php">
<input type="hidden" name="email" value="<?php echo $email;?>">
<p>Enter New password</p>
<input type="password" name='password'>
<input type="submit" name="submit_password">
</form>
</html>
<?php
}
}
? >
The problem is that nothing is happening the link is actually sent but by clicking on the link the page simply appears in White.