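false, 'error' => 'Email and password are required.']);
    exit;
}

// Login handler: looks the user up by e-mail, checks the submitted password
// against the stored hash, and on success stores the user's identity in the
// session and answers with a JSON redirect. The required-fields check that
// ends above begins outside this excerpt.

// Form fields sent as `email[]=...` arrive as arrays. It is not visible here
// whether the earlier check rejects them, so require plain strings: on PHP 8
// an array passed to password_verify() raises a TypeError, which the
// PDOException handler below would not catch.
$email = $_POST['email'] ?? null;
$password = $_POST['password'] ?? null;

if (!is_string($email) || !is_string($password)) {
    // Same generic message as a failed login, so the response does not
    // reveal which check rejected the request.
    echo json_encode(['success' => false, 'error' => 'Invalid email or password.']);
    exit;
}

try {
    $pdo = db();

    // 2. Fetch user by email. The value is passed as a bound parameter and
    // never interpolated into the SQL text.
    $stmt = $pdo->prepare("SELECT id, firstName, role, password FROM User WHERE email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch();

    // 3. Verify password
    // NOTE(review): password_verify() only runs when a row was found, so an
    // unknown e-mail is answered faster than a wrong password. No attempt
    // throttling or lockout is visible in this excerpt either; confirm both
    // are handled elsewhere.
    if ($user && password_verify($password, $user['password'])) {
        // 4. Rotate the session ID before storing the identity. Without this,
        // a session ID that was fixed before login stays valid afterwards
        // (session fixation). Passing true also discards the old session data.
        // The session is presumably started earlier in the file; the guard
        // avoids a warning if it was not.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // 5. Set session variables
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['user_name'] = $user['firstName'];
        $_SESSION['user_role'] = $user['role'];

        echo json_encode(['success' => true, 'redirect' => 'dashboard.php']);
    } else {
        // One message for both "no such user" and "wrong password".
        echo json_encode(['success' => false, 'error' => 'Invalid email or password.']);
    }
} catch (PDOException $e) {
    // Keep driver details in the server log; the client only gets a generic
    // message.
    error_log('Login Error: ' . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'A server error occurred. Please try again later.']);
}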