Can someone tell me whats wrong with my code, this page resets password of user in a sql table-CodePudding

I dont know why but this is not working , this page is the last step of my college project where user will reset his password but everytime its giving me unknown error. (Sorry for my bad english).................................................................................................................................................. The html/php section:

    <?php

session_start();

   include("connection.php");
   include("functions.php");

if($_SERVER['REQUEST_METHOD'] == "POST"){

  if(isset($_GET['email'])){

    $email = $_GET['email'];

  $npassword = $_POST['password'];
  $cpassword = $_POST['cpassword'];


  if($npassword === $cpassword){

    $query = "UPDATE users SET npassword='$password' WHERE email='$email' ";

    $iquery = mysqli_query($con, $query);

    if($iquery){

      $_SESSION['msg'] = "Password Updated";
      header("Location: verify.php");

    }else{
      $_SESSION['msg'] = "Password Updation Failed";
      header("Location: changepass.php");
    }

  }else{
    $_SESSION['msg'] = "Passwords dont Match";
    header("Location: changepass.php");
  }
}else{
  $_SESSION['msg'] = "No E-mail Found";
  header("Location: changepass.php");
}
}else{
  $_SESSION['msg'] = "Unknown Error";
}
?>

<!DOCTYPE html>
<html>
  <head>
    <link rel="icon" href="../assets/library.svg" type="image/icon">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <title>Reset Password</title>
    <link rel="stylesheet" href="forgot.css" />
  </head>
<style>
@font-face {
   font-family: Aremat;
   src: url(../assets/aremat.ttf);
}

@font-face {
   font-family: Aremat;
   src: url(../assets/aremat.ttf);
   font-weight: bold;
}

* {
   font-family: Aremat;
}
</style>
  <body>
      <section>
          <div >
          <div >
              <center><h2>Reset Password</h2></center>
              <div>
                <center><p><?php echo $_SESSION['msg']; ?></p></center>
              </div>
              <center><img  src="../assets/reset.png"></center>
              <form method="POST">
              <div >
                  <input type="password" name="password" placeholder="New Password" required>
                  <img src="../assets/email.png">
                  </div>
                  <div >
                      <input type="password" name="cpassword" placeholder="Confirm New Password" required>
                      <img src="../assets/email.png">
                      </div>
                    <div >
                     <input type="submit" value="Update Password">
                  </div>
              </form>

              </div>
          </div>
      </section>
  </body>
</html>

The CSS:

*
{
    margin: 0;
    padding: 0;
    box-sizing: border-box;
}
section
{
    display: flex;
    justify-content: center;
    align-items: center;
    min-height: 100vh;
    /*background: linear-gradient(-30deg, #03a9f4 0%, #3a78b7 50%, #262626 50%, #607d8b 100%);*/
    background: linear-gradient(-30deg, #03a9f4 0%, #3a78b7 50%, #C3C4C0 50%, #505050 100%);
    filter: hue-rotate(120deg);
    animation: animate 10s linear infinite;
}
@keyframes animate
{
    0%
    {
        filter: hue-rotate(0deg);
    }
    100%
    {
        filter: hue-rotate(360deg);
    }
}
.box
{
    position: relative;
    padding: 50px;
    width: 360px;
    height: 480px;
    display: flex;
    justify-content: center;
    align-items: center;
    background: rgba(255,255,255,0.1);
    border-radius: 6px;
    box-shadow: 0 5px 35px rgba(0,0,0,0.2);
}
.box::after
{
    content: '';
    position: absolute;
    top: 5px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    border-radius: 5px;
    pointer-events: none;
    background: linear-gradient(to bottom, rgba(255,255,255,0.3) 0%, rgba(255,255,255,0.1) 15%, transparent 50%, transparent 85%,rgba(255,255,255,0.3) 100%);
}
.box .form
{
    position: relative;
    width: 100%;
}
.box .form h2
{
 color: #fff;
    font-weight: 600;
    letter-spacing: 2px;
    margin-bottom: 30px;
}
.box .form .inputBx
{
    position: relative;
    width: 100%;
    margin-bottom: 20px;
}
.box .form .inputBx input
{
    width: 100%;
    outline: none;
    border: 1px solid rgba(255,255,255,0.2);
    background: transparent;
    padding: 8px 18px;
    padding-left: 35px;
    border-radius: 6px;
    color: #fff;
    font-size: 16px;
    font-weight: 300;
    box-shadow: inset 0 0 25px rgba(0,0,0,0.2);
}
.box .form .inputBx input::placeholder
{
    color: #fff;
}
.box .form .inputBx input[type="submit"]
{
    background: #fff;
    color: #111;
    max-width: 300px;
    padding: 8px 10px;
    box-shadow: none;
    font-weight: 500;
    letter-spacing: 1px;
    cursor: pointer;

}
.box .form .inputBx img
{
    position: absolute;
    top: 8px;
    left: 10px;
    transform: scale(0.7);
    filter: invert(1);
}
.reneber
{
    position: relative;
    display: inline-block;
    color: #fff;
    font-weight: 300;

}
.box .form p
{
    color: #fff;
    font-weight: 300;
    font-size: 15px;
    margin-top: 5px;
    text-align: center;

}
.box .form a
{
    color: #fff;
}
.forg
{
    transform: scale(0.7);
    filter: invert(1);
}
.or
{
     color: #eaeae1;
    text-align: center;
}

CodePudding user response：

You check if your request method is POST, and then you check if email is passed by a GET request. Are sure, you transmit the email by a GET Request ?

If you have a form with a POST method, you need to write :

if(isset($_POST['email'])){
$email = $_POST['email'];

You don't crypt password, it's dangerous. You should hash your password before insert/update in database.

For hash : password_hash("yourpassword", PASSWORD_DEFAULT);

For verify password : password_verify($npassword, $cpassword);

More info :

https://www.php.net/manual/fr/function.password-hash.php https://www.php.net/manual/fr/function.password-verify.php

You can't decrypt for security.