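prepare('SELECT * FROM users WHERE username = :username');
            // Login handler fragment: look the account up by username, verify the password,
            // populate the session, record the login in user_sessions, then redirect.
            // The username is bound as a parameter and never interpolated into the SQL text.
            $stmt->bindParam(':username', $username);
            $stmt->execute();
            $user = $stmt->fetch(PDO::FETCH_ASSOC);

            // fetch() yields false when no row matches, so an unknown user and a wrong
            // password both fall through to the same generic error below.
            // NOTE(review): no attempt throttling or lockout is visible in this fragment.
            if ($user && password_verify($password, $user['password'])) {
                // Rotate the session ID at the privilege change so an ID planted or observed
                // before authentication cannot be reused afterwards (session fixation).
                // NOTE(review): assumes session_start() ran earlier in this file; confirm.
                session_regenerate_id(true);

                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['user_role'] = $user['role'];

                // Record session (best effort: a failure here must never block the login).
                try {
                    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
                    $ua = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
                    $ciudad = 'Desconocida';

                    // Skip the lookup for loopback or missing addresses, and only place a
                    // syntactically valid IP into the request URL.
                    $lookupIp = $ip !== 'unknown' && $ip !== '127.0.0.1' && $ip !== '::1'
                        && filter_var($ip, FILTER_VALIDATE_IP) !== false;

                    if ($lookupIp) {
                        // NOTE(review): this sends every client IP to a third party over
                        // plaintext HTTP, and the response can be altered in transit.
                        // Treat the stored city as untrusted and escape it on output.
                        // The timeout keeps a slow or unreachable service from stalling login.
                        $geoContext = stream_context_create(['http' => ['timeout' => 2]]);

                        // '@' is kept on purpose: a warning printed here would be sent
                        // before header() and break the redirect.
                        $geo = @file_get_contents(
                            "http://ip-api.com/json/{$ip}?fields=city",
                            false,
                            $geoContext
                        );

                        if (is_string($geo) && $geo !== '') {
                            $geoData = json_decode($geo, true);
                            // Accept only a decoded object carrying a string city.
                            if (is_array($geoData) && isset($geoData['city']) && is_string($geoData['city'])) {
                                $ciudad = $geoData['city'];
                            }
                        }
                    }

                    // The user agent is client-controlled; it is stored through bound
                    // parameters and must be escaped wherever it is displayed later.
                    $stmtSession = $db->prepare('INSERT INTO user_sessions (user_id, ip_address, ciudad, user_agent) VALUES (:user_id, :ip, :ciudad, :ua)');
                    $stmtSession->bindParam(':user_id', $user['id']);
                    $stmtSession->bindParam(':ip', $ip);
                    $stmtSession->bindParam(':ciudad', $ciudad);
                    $stmtSession->bindParam(':ua', $ua);
                    $stmtSession->execute();
                } catch (PDOException $e) {
                    // Do not block login, but leave a server-side trace: a gap in
                    // user_sessions would otherwise go unnoticed.
                    error_log('Login session recording failed: ' . $e->getMessage());
                }

                header('Location: pedidos.php');
                exit();
            } else {
                $error = 'Invalid username or password.';
            }
        } catch (PDOException $e) {
            // Driver messages can expose table, column and connection details; keep them
            // in the server log and give the user a generic message.
            // NOTE(review): assumes $error is rendered into the page below; confirm.
            error_log('Login query failed: ' . $e->getMessage());
            $error = 'Database error. Please try again later.';
        }
    }
}
?> Login - FLOWERSEGUIMIENTOPEDIDOS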

Login