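prepare("SELECT id, name, email, password, role FROM users WHERE email = ?");
// NOTE(review): the statement above starts before the visible part of this
// listing; only its tail is shown, so its left-hand side is not reproduced here.

// Login handler: look the account up by email, verify the submitted password
// against the stored hash, then open an authenticated session and redirect by role.
// The email is bound as a statement parameter, never concatenated into the SQL text.
$stmt->execute([$email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches

$authenticated = false;
if ($user) {
    $authenticated = password_verify($password, $user['password']);
} else {
    // Unknown email: still pay for one password-hash computation and discard the
    // result. Without this, the miss path returns measurably faster than the
    // wrong-password path, and response time reveals which addresses are
    // registered even though both paths send the same redirect.
    // NOTE(review): this uses the default algorithm and cost; if stored hashes
    // use different parameters the two paths are close, not identical.
    password_hash('constructed-placeholder-input', PASSWORD_DEFAULT);
}

if (!$authenticated) {
    // One generic error for both "no such user" and "wrong password".
    header('Location: login.php?error=invalid');
    exit();
}

// Issue a fresh session ID on privilege change to prevent session fixation;
// passing true also deletes the old session.
session_regenerate_id(true);

// Store user info in session. The password hash is deliberately not copied.
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $user['name'];
$_SESSION['user_email'] = $user['email'];
// NOTE(review): the role is captured at login time; presumably later pages
// authorise on this value, in which case a role change in the database takes
// effect only at the next login. Confirm that is acceptable.
$_SESSION['user_role'] = $user['role'];

// Redirect based on role. This only chooses the landing page: an account with
// any other role is already authenticated at this point, so each target page
// must enforce its own role check.
if ($user['role'] === 'restaurant_owner') {
    header("Location: dashboard.php");
} elseif ($user['role'] === 'customer') {
    header("Location: customer_dashboard.php");
} else {
    // Any other or missing role lands on the generic page.
    header("Location: index.php");
}
// Stop execution so nothing after the redirect header is sent or run.
exit();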