} $show_request_form = true; // default is yes whether to show the request email form is shown $show_password_form = false; // check if code isset if (!empty($_GET['code'])) { $show_request_form = false; $show_password_form = $login->checkForgotPasswordCode($_GET['code']); // the code is valid and returned user data if ($show_password_form !== false) { // create new link from user data to stop users from editing the link $link = Crecket\AdvancedLogin\Login::ForgotpasswordLinkCreator($show_password_form['forgotpassword_code']); // verify the post request if (!empty($_POST['password']) && !empty($_POST['repeat_password']) && \SecureFuncs\SecureFuncs::getFormToken('forgot_password', $_POST['form_token']) !== false) { // verify the password update request if ($login->changeForgotPassword($_POST['password'], $_POST['repeat_password'], $show_password_form['forgotpassword_code'])) { //success, return to index header('Location: index.php'); } } } } if (!empty($_POST['email'])) { if (\SecureFuncs\SecureFuncs::getFormToken('forgot_password', $_POST['form_token'])) { $login->sendForgotPasswordCode($_POST['email']); } } $formToken = \SecureFuncs\SecureFuncs::setFormtoken('forgot_password'); ?> <!DOCTYPE html> <html>