So I have a DB where I store users information for them to log in or to reset their password. And the problem is that the reset password works only for one user and it doesn't for any other.
I've tried comparing the two users to find out what the user that it doesn't work on has or hasn't that the working one does although I didn't see any difference and here's a picture of my DB to visualize it: https://gyazo.com/f231937058bc4c99ffa6bf1f9a5f7631
The reset password code:
$email = $_GET['email'];
$token = $_GET['token'];
$stmt = $connection->prepare("SELECT email FROM users WHERE token = ? AND tokenexpire > NOW()");
$stmt->bind_param('s', $token);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_array(MYSQLI_ASSOC);
if ($result->num_rows > 0 && md5($row['email']) == $email) {
$hash = $algorithm->create_hash($_POST['password']) // the create hash function comes from a PBKDF2 class from github
$token = '';
$normal_email = $row['email']; // the email on the top is a hashed email with md5
$query = $connection->prepare("UPDATE users SET hash = ?, token = ? WHERE email = ?");
$query->bind_param('sss', $hash, $token, $normal_email);
$query->execute(); // thats the line that does get executed on the 'nex' account but it doesn't on the 'veruz' account
There are no error messages