The following code is executing perfectly but there is a mySQL error somewhere that is producing an error message.
$sql = mysql_query("UPDATE users SET password = $user_pwd WHERE email = '$user_email' AND authkey = '$user_authkey'");
if(!mysql_query($sql,$config_connect))
{
echo $error .= 'The reset key did not match or has expired';
}
else
{
$approve = 1;
$command .= '<div>Your password has been reset.</div>';
}
The error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
Password is a restricted keyword in MySQL, quote it in your query.
This:
$sql = mysql_query("UPDATE users SET password = $user_pwd WHERE email = '$user_email' AND authkey = '$user_authkey'");
Should be:
$sql = mysql_query("UPDATE users SET `password` = '$user_pwd' WHERE email = '$user_email' AND authkey = '$user_authkey'");
And unless you are passing quotes in your $user_pwd you need to quote that string in you query as well.
If at all possible change that field name in your database to save yourself some nightmarish debugging in the future.