30 lines
832 B
PHP
30 lines
832 B
PHP
<?php
|
|
session_start();
|
|
require_once 'config.php';
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
// Handle login form submission
|
|
$email = $_POST['email'];
|
|
$password = $_POST['password'];
|
|
|
|
// Prepare and execute the SQL query using prepared statements
|
|
$query = "SELECT id, username, password, isAdmin FROM users WHERE email = ?";
|
|
$stmt = $mysqli->prepare($query);
|
|
$stmt->bind_param("s", $email);
|
|
$stmt->execute();
|
|
$stmt->bind_result($user_id, $user_username, $user_password, $user_isAdmin);
|
|
|
|
// Fetch the result
|
|
if ($stmt->fetch() && password_verify($password, $user_password)) {
|
|
$_SESSION['user_id'] = $user_id;
|
|
header('Location: index.php');
|
|
exit();
|
|
} else {
|
|
echo "Invalid email or password.";
|
|
}
|
|
|
|
// Close the statement
|
|
$stmt->close();
|
|
}
|
|
?>
|