<?php
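// Report every error, but send it to the server log instead of the HTTP
// response. This endpoint handles credentials and talks to the database;
// with display_errors enabled, any warning or uncaught exception (file paths,
// SQL text, stack traces) would be printed to an unauthenticated caller and
// would also corrupt the JSON body.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);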

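// Start the session with hardened cookie settings for this request:
//  - cookie_httponly: the session ID is not readable from page JavaScript.
//  - cookie_samesite: the cookie is withheld on cross-site sub-requests.
//  - use_strict_mode: session IDs the server did not issue are rejected.
// NOTE(review): these are best set once in php.ini or config.php so every page
// agrees; cookie_secure should also be enabled wherever the site is HTTPS-only.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,
]);
require_once "../config.php";

header("Content-Type: application/json");
// Authentication responses must never be stored by browsers or proxies.
header("Cache-Control: no-store");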

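// Read and decode the JSON request body.
$raw = file_get_contents("php://input");
$input = is_string($raw) ? json_decode($raw, true) : null;

// Accept only a JSON object carrying two non-empty *string* fields.
// The body is attacker-controlled: without the type checks, a payload such as
// {"username": [], "password": {}} passes the emptiness test and then raises a
// TypeError inside trim(), turning malformed input into an unhandled error.
if (
    !is_array($input)
    || empty($input['username'])
    || empty($input['password'])
    || !is_string($input['username'])
    || !is_string($input['password'])
) {
    echo json_encode(["status" => "error", "message" => "Missing username or password."]);
    exit;
}

$username = trim($input['username']);
// NOTE(review): trimming alters the secret (leading/trailing whitespace is
// dropped). It is kept so existing accounts keep working; confirm the
// registration and password-change paths trim identically before removing it.
$password = trim($input['password']);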

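// Fetch user (SQLite uses PDO). The username is bound as a parameter, so it is
// never interpolated into the SQL text.
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// A missing row and a row without a usable hash are treated the same way.
$storedHash = (is_array($user) && isset($user['password_hash']) && is_string($user['password_hash']))
    ? $user['password_hash']
    : null;

if ($storedHash === null) {
    // Spend roughly the same hashing time as a real verification. The error
    // text below is already identical for both failures, but skipping the hash
    // work would let response time reveal which usernames exist.
    // NOTE(review): assumes stored hashes use PASSWORD_DEFAULT at the default
    // cost; adjust if accounts are hashed with other parameters.
    password_hash($password, PASSWORD_DEFAULT);
    echo json_encode(["status" => "error", "message" => "Invalid username or password."]);
    exit;
}

if (!password_verify($password, $storedHash)) {
    echo json_encode(["status" => "error", "message" => "Invalid username or password."]);
    exit;
}

// NOTE(review): nothing visible here limits repeated failures; add per-account
// and per-client throttling or lockout in front of this endpoint.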

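// Issue a fresh session ID at the moment of authentication and discard the
// old one. Otherwise an ID that was known before login (session fixation)
// would become an authenticated session.
session_regenerate_id(true);

// Set session
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
// NOTE(review): is_admin is copied from the row at login time, so a later
// change to the account's role is not reflected until the next login;
// re-check the database for sensitive admin actions.
$_SESSION['is_admin'] = $user['is_admin'];

echo json_encode([
    "status" => "success",
    "redirect" => "/desktop.php"
]);
exit;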
?>