prepare("SELECT id, password_hash, is_admin FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$res = $stmt->get_result();
if ($res->num_rows === 0) {
$error = "Invalid username or password.";
} else {
$row = $res->fetch_assoc();
if (!password_verify($password, $row['password_hash'])) {
$error = "Invalid username or password.";
} else {
// Login success
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['is_admin'] = (int)$row['is_admin'];
header("Location: index.php");
exit;
}
}
}
}
?>
Login
Login
No account? Sign up