OK. Everything works fine to me. Except one important thing. After smtp and sql injection and Reset(), user can hit back in browser and after that resend message. that's not good. How to make the data in form not to be accessible twice?
Perhaps, somebody can link me to some useful resource?