<?php
session_start();
include_once("../includes/configuration.php"); // Adjust the path as needed

header('Content-Type: application/json'); // Set the header for JSON response

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['token']) && isset($_POST['new_password'])) {
        $token = $_POST['token'];
        $new_password = $_POST['new_password'];

        // Hash the new password securely
        $hashed_password = md5($new_password);

        // Update the password in the database
        $stmt = $conn->prepare("UPDATE users SET password = ? WHERE token = ?");
        $stmt->bind_param("ss", $hashed_password, $token);

        if ($stmt->execute()) {
            echo json_encode(['success' => true, 'message' => 'successfully change this password']);
        } else {
            echo json_encode(['success' => false, 'message' => 'Failed to update password.']);
        }

        $stmt->close();
    } else {
        echo json_encode(['success' => false, 'message' => 'Invalid input.']);
    }
} else {
    echo json_encode(['success' => false, 'message' => 'Invalid request method.']);
}

$conn->close();
?>