added 1 character in body
KIKO Software
if (isValidUserToken($token_id) &&
    isValidPasswordHash($token)) {
   ChangePassword();
}

This is further complicated because you haven't really told us how your "forgot password reset system" is supposed to work. From what I can see, you've given us more than you implied. I think there's a "forgot password" and a "reset password" piece of code. Then again, the latter could be part of the first: When a user tells your system they forgot their password, it emails something that allows them to reset their password. That makes sense. It hinges on the user being in control of their mail address.

added 35 characters in body
KIKO Software
function updateUserPasswordByEmail($database, $email, $newPassword)
{
    $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
    $query = "UPDATE users SET password = :password WHERE email = :email";
    $statement = $database->prepare($query);
    $statement->bindValue(':password', $hashedPassword, PDO::PARAM_STR);
    $statement->bindValue(':email', $email, PDO::PARAM_STR);
    return $statement->execute();
}

function storeUserIpAddressByEmail($database, $email)
{
    $IpAddress = findIP();
    if (!filter_var($IpAddress, FILTER_VALIDATE_IP)) {
        $IpAddress = "0.0.0.0"; // invalid ip
    }
    $query = "UPDATE users SET last_login_ip= :last_login_ip WHERE email = :email";
    $statement = $database->prepare($query);
    $statement->bindValue(':last_login_ip', $IpAddress, PDO::PARAM_STR);
    $statement->bindValue(':email', $email, PDO::PARAM_STR);
    return $statement->execute();
}

function updateUserFieldByEmail($database, $email, $column, $value, $type)
{
    $query = "UPDATE users SET $column = :value WHERE email = :email";
    $statement = $database->prepare($query);
    $statement->bindValue(':value', $value, $type);
    $statement->bindValue(':email', $email, PDO::PARAM_STR);
    return $statement->execute();
}

function updateUserPasswordByEmail($database, $email, $newPassword)
{
    $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
    return updateUserFieldByEmail($database, $email, 'password', $hashedPassword, PDO::PARAM_STR);
}

function storeUserIpAddressByEmail($database, $email)
{
    $IpAddress = findIP();
    if (!filter_var($IpAddress, FILTER_VALIDATE_IP)) {
        $IpAddress = "0.0.0.0"; // invalid ip
    }
    return updateUserFieldByEmail($database, $email, 'last_login_ip', $IpAddress, PDO::PARAM_STR);
}
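The refactored helper interpolates $column into the SQL string, which is only safe while every caller passes a literal column name. As an added example (not code from the answer or from the question under review), here is the same helper with an allowlist of updatable columns and the IP check corrected to validate the value it actually stores, run against a constructed in-memory SQLite table; the pdo_sqlite driver and the users table layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the original answer. The only columns a caller may
// update are listed here; $column is checked against this list before it is
// placed in the SQL text, because identifiers cannot be bound as parameters.
const UPDATABLE_USER_COLUMNS = ['password', 'last_login_ip'];

function updateUserFieldByEmail(PDO $database, string $email, string $column, string $value, int $type): bool
{
    if (!in_array($column, UPDATABLE_USER_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not updatable: $column");
    }
    $statement = $database->prepare("UPDATE users SET $column = :value WHERE email = :email");
    $statement->bindValue(':value', $value, $type);
    $statement->bindValue(':email', $email, PDO::PARAM_STR);
    // Report whether exactly one row changed, so an unknown email is not a silent success.
    return $statement->execute() && $statement->rowCount() === 1;
}

function updateUserPasswordByEmail(PDO $database, string $email, string $newPassword): bool
{
    $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
    return updateUserFieldByEmail($database, $email, 'password', $hashedPassword, PDO::PARAM_STR);
}

function storeUserIpAddressByEmail(PDO $database, string $email, string $ipAddress): bool
{
    // Validate the value that is actually stored; anything unparseable is recorded as 0.0.0.0.
    if (filter_var($ipAddress, FILTER_VALIDATE_IP) === false) {
        $ipAddress = '0.0.0.0';
    }
    return updateUserFieldByEmail($database, $email, 'last_login_ip', $ipAddress, PDO::PARAM_STR);
}

// Constructed demo data (assumes the pdo_sqlite extension; the real schema is not on the page).
$database = new PDO('sqlite::memory:');
$database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$database->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT, last_login_ip TEXT)');
$database->exec("INSERT INTO users VALUES ('alice@example.com', '', '')");

var_dump(updateUserPasswordByEmail($database, 'alice@example.com', 'correct horse battery staple'));
var_dump(storeUserIpAddressByEmail($database, 'alice@example.com', 'not-an-ip'));   // stored as 0.0.0.0
var_dump(updateUserPasswordByEmail($database, 'nobody@example.com', 'irrelevant')); // no row matched
try {
    // A column outside the allowlist, such as an admin flag, is refused before any SQL is built.
    updateUserFieldByEmail($database, 'alice@example.com', 'is_admin', '1', PDO::PARAM_INT);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```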
added 2 characters in body
KIKO Software

I love that you take the time to name things properly. Names like create_db_linkage_instance(), endTheWebpage() immediately make clear what these functions do. It's not db_conn() or finish(). Of course there is the problem that you haven't stuck to one naming convention: choose either snake_case or camelCase and stick to it. Yes, I know that PHP itself is, regrettably, not very consistent. Later, while reading through your code, I came across less well-chosen names: $greenf, which is a database instance, and $qry for, you guessed it right, a MySQL query.

Your code uses very few functions, no classes, and relies heavily on nesting one bit of code inside another. Let me take your reset-password.php file and write out the main control structure:

if (...) {
    try {
        if (...) {
            if (...) {
                if (...) {
                    if (...) {
                        if (...) {
                            if (...) {
                            } else if (...) {
                            }
                        } else {
                        }
                        if (...) {
                            if (...) {
                            } else {
                            }
                            if (...) {
                            } else {
                            } 
                        } 
                    } 
                    if (...) {
                    }
                    if (...) {
                    }
                } else {
                }
            } else {
            }
        } else {
        } 
    } catch (...) {
    } catch (...) {
    } 
} else {
} 