Okay I have put my php at the top but the query in the $_POST is still failing.
The part that is failing is the WHERE clause. I just do not know how to get a variable to put in that column.
Is there a way to carry a variable from the query in the $_GET method forward into the $_POST method?
Here is my updated code:
<?php
include("header.php");
?>
<body>
<div data-role="page" id="resetpassword">
<div data-role="header">
<h1>Reset Password</h1>
</div>
<div data-role="content">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
$tok = ($_REQUEST['token']);
require_once ('config.inc.php');
$q1 = "SELECT * FROM users WHERE token = '$tok'";
$r1 = mysqli_query($dbconn,$q1)or die("Error: ".mysqli_error($dbconn));
printf("Number of affected rows (SELECT): %d\n", mysqli_affected_rows($dbconn));
$row = mysqli_fetch_array($r1);
$tk = $row['token'];
//echo $tk;
$uid = $row['uid'];
//echo $uid;
$then = $row['request_time'];
//echo $then;
$now = time();
//echo $now;
$expired = ($now - $then);
//echo $expired;
$num_rows = mysqli_num_rows($r1);
//echo $num_rows;
if ($num_rows !== 1 || $expired > 900){
echo "An error has prevented a password change.<br />Most likely the link has expired.";
exit();
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
require_once ('config.inc.php');
$trimmed = array_map('trim', $_POST);
$uid = mysqli_real_escape_string($dbconn, ($trimmed['uid']));
if (preg_match ('/^[[:alnum:]]{8,}$/', ($trimmed['password']))) {
$p = mysqli_real_escape_string($dbconn, ($trimmed['password']));
// hash the password
require ("passhash.php");
$pass_hash = PassHash::hash($p);
//echo $pass_hash;
if ($pass_hash) {
$q2 = "UPDATE users SET upass='$pass_hash' WHERE uid='$uid'";
$r2 = mysqli_query($dbconn, $q2)or die("Error: " . mysqli_error($dbconn));
printf("Affected rows (UPDATE): %d\n", mysqli_affected_rows($dbconn));
$affected_rows = mysqli_affected_rows($dbconn);
if ($affected_rows == 1) {
echo "<p>Password Changed!</p>";
}
}
} else {
echo "Please enter a valid password type.";
}
}
?>
<p>Choose a new password.<br />
Letters and numbers only.<br />
Minimum of 8 characters.</p>
<form id="passwordreset" method="post" action="?token=<?php echo $tk;?>" data-ajax="false">
<label for="password" class="ui-hidden-accessible">Password:</label>
<input type="password" name="password" id="password" value="" placeholder="Password"/>
<label for="uid" class="ui-hidden-accessible">UserId:</label>
<input type="hidden" name="uid" id="uid" value="" placeholder="UserId"/>
<button type="submit" name="submit" value="submit" data-inline="true"/>Submit</button>
</form>
</div><!-- /content -->
<div data-role="footer" class="ui-bar">
</div><!-- /footer -->
</div><!-- /page -->
</body>
</html>