User is being automatically redirected to the about page after clicking through instead of the new password showing. Can anyone see what might be wrong with the code here? It's for forgotten password functionality.
Is it a problem with num_rows?
PHP:
if(isset($_GET['email']) && isset($_GET['token'])) { global $conn; $email = $_GET['email']; $token = $_GET['token']; $sql = $conn->query("SELECT u_id FROM users WHERE email='$email' AND token='$token' AND token<>'' AND tokenExpire > NOW() "); if($sql->num_rows > 0) { $newPassword = generateNewString(); $newPasswordEncrypted = password_hash($newPassword, PASSWORD_BCRYPT); $conn->query("UPDATE users SET token='', password = '$newPasswordEncrypted' WHERE email='$email' "); echo "Your new password is $newPassword"; } else header("Location: " . BASE_URL . "/about.php"); } else { redirectToLoginPage(); }
1.4m articles
1.4m replys
5 comments
56.9k users