Validate token and email from a url in php

I'm doing a password recovery system. The issue is that when I get into the url that generates me, I think it does not validate the email and / or token and does not teach me the input to have it put in a condition if they change data from the URL. I leave the two files of the email and the new password, in case you can lend me a hand. I try to put the input in the condition so that it appears or not according to whether it is valid or not. I do not know if it is the best way, if there is another one and it works, I would appreciate it a lot. Greetings and thanks in advance.d

Olvidemicontrasena.php

    <?php
if (isset($_POST['codigo'])){
    require "conexion.php";
    $email = $mysqli->real_escape_string($_POST['email']);
    $sql = $mysqli->query("SELECT email FROM usuarios WHERE email = '$email'");
    $row =$sql->fetch_array();
    $count = $sql->num_rows;
    if($count == 1){
        $token = uniqid();
        $act = $mysqli->query("UPDATE usuarios SET token = '$token' WHERE email ='$email'");
        //Debes editas las próximas dos lineas de codigo de acuerdo con tus preferencias

        $email_to = $email;
        $email_subject = "Cambio de contraseña";
        $email_from = "[email protected]";

        $email_message = "Hola " .$row['email'].", has solicitado cambiar tu contraseña, accede al siguiente link\n\n";
        $email_message .= "www.prueba.org/php/nuevacontrasena.php?user=".$row['email']."&token=".$token."\n\n";

        // Ahora se envía el e-mail usando la funcion mail() de PHP
        $headers = 'Form'.$email_from."\r\n".
        'Reply-To: '.$email_from."\r\n".
        'X-Mailer: PHP/'.phpversion();
        @mail($email_to,$email_subject,$email_message,$headers);

        echo "Te hemos enviado un email para el cambio de contraseña";
    } else{
        echo "Este correo electrónico no está registrado en nuestra base de datos";
    }

}
?>
                 <!-- Material form login -->
<div class="card " style="margin-top:25%">

<h5 class="card-header warning-color white-text text-center py-4 " >
<strong>Recuperar contraseña</strong>
</h5>

<!--Card content-->
<div class="card-body px-md-5 pt-0">

<!-- Form -->
<form class="text-center formulario" style="color: #757575;" action="" method="post">

<!-- Email -->
<div class="md-form">
<input type="email" id="materialLoginFormEmail" class="form-control" name="email" required>
<label for="materialLoginFormEmail">E-mail</label>
</div>

<!-- Sign in button -->
<div class="text-center mt-4">
 <button class="btn btn-warning btn-lg  mt-4" value="Recuperar mi contraseña" name="codigo" >Enviar</button>
</div>

</form>      

<!-- Material form login -->

          </div>
        </div>

newcontrasena.php

<?php
    if(isset($_GET['email']) AND isset($_GET['token'])){
    require "conexion.php";
    $email = $mysqli->real_escape_string($_GET['email']);
    $token = $mysqli->real_escape_string($_GET['token']);
    $sql = $mysqli->query("SELECT token FROM usuarios WHERE email = '$email'");
    $row = $sql->fetch_array();

    if($row['token'] == $token) { 

?>
<?php
if(isset($_POST['codigo'])){
    require "conexion.php";
    $pass = $mysqli->real_escape_string($_POST['pass']);
    $pass = hash('sha512',$pass);

    $act = $mysqli->query("UPDATE usuarios SET pass= '$pass', token = '' WHERE email = '$email'");

    if ($act){
        echo "Su contraseña se ha actualizado correctamente";
        header("Refresh: 1; URL=../index.php");
    }else{
        echo "Ha habido un problema a la hora de actualizar la contraseña";
    }
}
?>

<form action="" method="post">
<input type="text" placeholder="Ingrese su nueva contraseña" name="pass" required/>
<input type="submit" value="Cambiar contraseña" name="codigo"/>
</form>
</body>
    <?php  } } ?>