FlexPass
HIPAA-Ready Credential Vault
prepare("SELECT * FROM users WHERE email = ?"); // NOTE(review): the receiver of this call and the enclosing try/if openers are cut off before this fragment
            // Login handler fragment: look the account up by e-mail, verify the password,
            // populate the session and redirect to the dashboard on success.
            // The e-mail is bound as a statement parameter rather than concatenated into
            // the SQL text, so it cannot change the structure of the query.
            $stmt->execute([$email]);
            $user = $stmt->fetch();

            // NOTE(review): because of the short-circuit `&&`, password_verify() only runs
            // when a row was found. The error text is the same for "unknown e-mail" and
            // "wrong password", but the response time is not, which can still reveal which
            // addresses are registered. Verifying against a fixed dummy hash when no row is
            // found would even this out.
            // NOTE(review): password_needs_rehash() is not called in this fragment, so stored
            // hashes are not upgraded at login; confirm whether that happens elsewhere.
            if ($user && password_verify($password, $user['password_enc'])) {
                // The status check runs only after the password has been verified, so the
                // "disabled" message below is shown only to someone who knows the password.
                if ($user['status'] === 'active') {
                    // NOTE(review): role and display name are copied into the session at login.
                    // Presumably later pages authorise from $_SESSION['user_role']; if so, a role
                    // change or account disable will not apply to sessions that are already
                    // open. Verify against the per-request checks.
                    $_SESSION['user_id'] = $user['id'];
                    $_SESSION['user_email'] = $user['email'];
                    $_SESSION['user_role'] = $user['role'];
                    $_SESSION['user_display_name'] = $user['display_name'];

                    // Regenerate session ID to prevent session fixation; passing true also
                    // deletes the old session, so a pre-login ID cannot be reused.
                    session_regenerate_id(true);

                    // Update last login timestamp
                    $updateStmt = $pdo->prepare("UPDATE users SET last_login_at = CURRENT_TIMESTAMP WHERE id = ?");
                    $updateStmt->execute([$user['id']]);

                    // exit stops the script so nothing after the redirect header is executed or rendered.
                    header('Location: dashboard.php');
                    exit;
                } else {
                    $error_message = 'Your account is disabled. Please contact an administrator.';
                }
            } else {
                // Same message for an unknown e-mail and for a wrong password.
                // NOTE(review): no failed-attempt counter, lockout or audit record is visible
                // in this fragment; confirm that throttling and login auditing exist
                // elsewhere, since this form guards a credential vault.
                $error_message = 'Invalid email or password.';
            }
        } catch (PDOException $e) {
            // The user gets a generic message, so no database detail reaches the page.
            // NOTE(review): $e is discarded here. The original comment says a real app would log
            // this error; record it server-side (for example with error_log()) so that
            // database failures during login are not invisible to operators.
            $error_message = 'A database error occurred. Please try again later.';
        }
    }
}
?>
HIPAA-Ready Credential Vault