fix password reset

endpoints/cronjobs/sendresetpasswordemails.php

@@ -64,7 +64,8 @@
 
                     $mail->clearAddresses();
 
-                    echo "Verification email sent to " . $user['email'] . "<br>";
+                    echo "Password reset email sent to " . $user['email'] . "<br>";
+
                 }
             } catch (Exception $e) {
                 echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo} <br>";

passwordreset.php

@@ -58,10 +58,11 @@
     $requestMode = false;
     $resetMode = true;
     $token = $_GET['token'];
+    $email = $_GET['email'];
     $matchCount = "SELECT COUNT(*) FROM password_resets WHERE token = :token and email = :email";
     $stmt = $db->prepare($matchCount);
     $stmt->bindValue(':token', $token, SQLITE3_TEXT);
-    $stmt->bindValue(':email', $_GET['email'], SQLITE3_TEXT);
+    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
     $count = $stmt->execute()->fetchArray(SQLITE3_NUM);
     if ($count[0] == 0) {
         $hasErrorMessage = true;
@@ -168,8 +169,8 @@
                         if (!$hideForm) {
                         ?>
                         <div class="form-group">
-                            <input type="hidden" name="token" value="<?= $_GET['token'] ?>">
-                            <input type="hidden" name="email" value="<?= $_GET['email'] ?>">
+                            <input type="hidden" name="token" value="<?= $token ?>">
+                            <input type="hidden" name="email" value="<?= $email ?>">
                             <label for="password"><?= translate('password', $i18n) ?>:</label>
                             <input type="password" id="password" name="password" required>
                         </div>