My forgot password is not updating the token table nor is it updating the password when changes it keeps echoing the error message below is the form code:

Forgot Password</strong></h3>
      <form name="forgot" method="POST" id="forgot" action="includes/reset.php">
        <div align="center">
          <table width="372" border="0">
            <tr>
              <td width="181"><p> </p>
                <p><strong>Password</strong></p></td>
              <td width="181"><span id="sprytextfield1"><br />
                <label for="label"></label>
                <input type="password" name="passsowrd" id="password" />
                <span class="textfieldRequiredMsg">Your password is required</span></span></td>
</tr>
            <tr>
              <td><p> </p>
                <p><strong>Confenter code hereirm Password</strong></p></td>
              <td><span id="spryconfirm2">
                <label for="password"></label>
                <input type="password" name="password2" id="password" />
                <span class="confirmRequiredMsg">A value is required.</span><span class="confirmInvalidMsg">The values don't match.</span></span></td>
</tr>
</table>
</div>
    <div align="center">
      <p> </p>
      <table width="98" border="0">
        <tr>
          <th width="44" scope="row"><input type="submit" name="submit" id="submit" value="submit" /></th>
          <th width="44" scope="row"><input type="reset" name="clear" id="clear" value="Clear" /></th>
        </tr>
      </table>
    </div>
    <div align="center">
      <table width="372" border="0">
        <tr> </tr>
        <tr> </tr>
      </table>
    </div>
  </form>

and the reset.php is:

<?php
session_start();
error_reporting(0);
$token=$_GET['token'];
include("settings.php");
connect();
if(!isset($_POST['password'])){
$q="select email from tokens where token='".$token."' and used=0";
$r=mysql_query($q);
while($row=mysql_fetch_array($r))
   {
$email=$row['email'];
   }
If ($email!=''){
          $_SESSION['email']=$email;
}
else die("Invalid link or Password already changed  <a href='../index.php'>Click here to go back to the HOME PAGE<a/>");}

$pass=$_POST['password'];
$email=$_SESSION['email'];

if(isset($_POST['password'])&&isset($_SESSION['email']))
{
$q="update registration set password='".md5($pass)."' where email='".$email."'";
$r=mysql_query($q);
if($r)mysql_query("update tokens set used=1 where token='".$token."'");echo "Your password is changed successfully  <a href='../index.php'>Click here to go back to the HOME PAGE<a/>";
if(!$r)echo "An error occurred";
    }

so the issue is the following error message is echoed all the time: Invalid link or Password already changed.

also if i add the following to the php code:

if(!isset($pass)){
echo '<form method="post">
enter your new password:<input type="password" name="password" />
<input type="submit" value="Change Password">
</form>
';}

then it works but opens it in new blank page which is un professional thats y am trying to add it to the html. any suggestions thanks.

Change line 9:

$r = mysql_query($q) or die(mysql_error());

If you get an error, show it here.

thanks for the reply but the token nor the email is being selected still echoing the same thing: select email from tokens where token='' and used=0
Invalid link or Password already changed Click here to go back to the HOME PAGE. and no error

$token=$_GET['token'];

You haven't defined a GET parameter called token anywhere.

it is being called in the php NOTE that the when i add:

if(!isset($pass)){
echo '<form method="post">
enter your new password:<input type="password" name="password" />
<input type="submit" value="Change Password">
</form>
';}

it works but i removed it because i want to put it in the HTML form.

So where does token come in?

the token is a unique generated chars which help the application to recognize who has requested for a password

You are trying to read that from the GET, but you haven't specified it anywhere. I'd expect it to be in the form's action.

but i mean if i add the

if(!isset($pass)){
echo '<form method="post">
enter your new password:<input type="password" name="password" />
<input type="submit" value="Change Password">
</form>
';}

it works perfectly meaning that if the HTML form wasnt there it works but with a plain page it get the token but because i added the HTML form it doesnt work

@pritaeas this post has no solution thanks for the help but delete it it wont help any one as it hasnt helped me

line 10:

<input type="password" name="passsowrd" id="password" />

yes tin i noticed it finally a few hours ago thanks though