I need help completing the code to reset the password

10/11/2022 17:14 ramykhaled#1


Hello everyone, I wish you well
I need help completing the code as I finished writing it and it is for resetting the password

But it does not work, all the codes work, but it directs me to this message


These are the codes for the buttons
PHP Code:
case "lostpw": // Register case start on here
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    if(!$_POST) //if there is no post send here
    {
    ?>
            
      <form action="" method="post">  
      
         <table>

<tr>
    <td>Account iD</td>    <td><input type="text" name="userID" id="userID"  /> </td>     <td><font size="1" color="grey">3-20 Long (Characters A-Z,a-z 0-9)</font> </td>
</tr>

<tr>
    <td>New Password</td>    <td><input type="password" name="newpassword" id="newpassword"/></td>        <td><font size="1" color="grey">3-20 Long (Characters A-Z,a-z 0-9)</font> </td>
</tr>
<tr>
    <td>Confirm New Password</td><td><input type="password" name="newpassword2" id="newpassword2" />  </td>     <td></td>
</tr>
<tr>
    <td>Email</td><td><input type="text" name="email" id="email" />  </td>    <td><font size="1"  color="grey">Should be Vaild</font> </td>
</tr>
<tr>
    <td>Capatcha</td>    <td><input type="text" name="captcha" id="captcha" /> </td>    <td><img src="Captcha.php?width=150&height=40&characters=8" alt="" /></td>
</tr>
<tr>
    <td></td>    <td></td>    <td><a href="" onclick="
    document.getElementById('captcha').src='mod/captcha/captcha.php?'+Math.random();
    document.getElementById('captcha-form').focus();"
    id="change-image"><font color="grey">Refresh captcha.</font></a></td>
</tr>
<tr>
    <td></td>    <td></td>    <td><p class="submit">   <input type="submit" name="submit" value="Register" />  </p> </td>
</tr>
</table> 
<br>
<br>
          <p><font color="#FFFFFF" size="3"> Have a problem ?! Contact us <class="link"><a href="?Report">Report</a></font></p>
   



 </form>  

                <?php
    }
    else // if there is post register
    {


                    session_start();


    
    if(!isset($_SESSION['loggedin'])) {
    

                            if(isset($_POST["submit"])){
                            $userID  anti_injection($_POST["userID"]);
                            
                            $newpassword    anti_injection($_POST["newpassword"]);
                            $newpassword2    anti_injection($_POST["newpassword2"]);
                            $encrypt    md5($newpassword);
                            
                            $email        anti_injection($_POST["email"]);
                            $passwordcheck    odbc_num_rows(odbc_exec($connectacc"SELECT * FROM dbo.TB_User WHERE StrUserID = '$userID' AND password = '$oldencrypt'"));
                            $emailcheck    odbc_num_rows(odbc_exec($connectacc"SELECT * FROM dbo.TB_User WHERE StrUserID = '$userID' AND email = '$email'"));
    
                            
                            
    if($userID == "" || $newpassword == "" || $newpassword2 == "" || $email == ""){
        echo "<div class='error'>Please fill all fields</div>";
    }else if ($newpassword != $newpassword2) {
        echo "<div class='error'>Password does not match!</div>";
    
    }else if (strlen($newpassword) <= "3" || strlen($newpassword) >= "21") {
        echo "<div class='error'>Password should be between 4 and 21 characters</div>";
    }else if (strlen($newpassword2) <= "3" || strlen($newpassword2) >= "21") {
        echo "<div class='error'>Password should be between 4 and 21 characters</div>";
    }else if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
        echo "<div class='error'>Email is not valid!</div>";
    
    } else if($emailcheck == "0"){
        echo "<div class='error'>Email is incorrect!</div>";
    } else {        
                                if(odbc_exec($connectacc"UPDATE dbo.TB_User SET password = '$encrypt' WHERE StrUserID = '$userID'"))
                                {
                                    echo "<div class='ok'>Password is changed successful! , Please take Care of your informations </div>";
                                }
                                else
                                {
                                    echo "<div class='error'>Register for handling an error during the holding at, please go to support.</div>";
                                }
                                }
                                }
                                }
                                
    ?>
        
        
        
    <?php
    }
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    break; // Default case finish on here
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

10/11/2022 18:17 DebugXxX#2
PHP Code:

<?php
include('db.php');
if (isset($_GET["key"]) && isset($_GET["email"]) && isset($_GET["action"]) 
&& ($_GET["action"]=="reset") && !isset($_POST["action"])){
  $key $_GET["key"];
  $email $_GET["email"];
  $curDate date("Y-m-d H:i:s");
  $query mysqli_query($con,
  "SELECT * FROM `password_reset_temp` WHERE `key`='".$key."' and `email`='".$email."';"
  );
  $row mysqli_num_rows($query);
  if ($row==""){
  $error .= '<h2>Invalid Link</h2>
<p>The link is invalid/expired. Either you did not copy the correct link
from the email, or you have already used the key in which case it is 
deactivated.</p>
<p><a href="https://www.allphptricks.com/forgot-password/index.php">
Click here</a> to reset password.</p>';
    }else{
  $row mysqli_fetch_assoc($query);
  $expDate $row['expDate'];
  if ($expDate >= $curDate){
  ?>
  <br />
  <form method="post" action="" name="update">
  <input type="hidden" name="action" value="update" />
  <br /><br />
  <label><strong>Enter New Password:</strong></label><br />
  <input type="password" name="pass1" maxlength="15" required />
  <br /><br />
  <label><strong>Re-Enter New Password:</strong></label><br />
  <input type="password" name="pass2" maxlength="15" required/>
  <br /><br />
  <input type="hidden" name="email" value="<?php echo $email;?>"/>
  <input type="submit" value="Reset Password" />
  </form>
<?php
}else{
$error .= "<h2>Link Expired</h2>
<p>The link is expired. You are trying to use the expired link which 
as valid only 24 hours (1 days after request).<br /><br /></p>";
            }
      }
if($error!=""){
  echo "<div class='error'>".$error."</div><br />";
  }            
// isset email key validate end


if(isset($_POST["email"]) && isset($_POST["action"]) &&
 ($_POST["action"]=="update")){
$error="";
$pass1 mysqli_real_escape_string($con,$_POST["pass1"]);
$pass2 mysqli_real_escape_string($con,$_POST["pass2"]);
$email $_POST["email"];
$curDate date("Y-m-d H:i:s");
if ($pass1!=$pass2){
$error.= "<p>Password do not match, both password should be same.<br /><br /></p>";
  }
  if($error!=""){
echo "<div class='error'>".$error."</div><br />";
}else{
$pass1 md5($pass1);
mysqli_query($con,
"UPDATE `users` SET `password`='".$pass1."', `trn_date`='".$curDate."' 
WHERE `email`='".$email."';"
);

mysqli_query($con,"DELETE FROM `password_reset_temp` WHERE `email`='".$email."';");
    
echo '<div class="error"><p>Congratulations! Your password has been updated successfully.</p>
<p><a href="https://www.sample.com/forgot-password/login.php">
Click here</a> to Login.</p></div><br />';
      }        
}
?>