prepare('SELECT * FROM users WHERE username = ?'); $stmt->execute([$username]); $user = $stmt->fetch(); if ($user && password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; header('Location: admin.php'); exit; } else { $error = 'Invalid username or password.'; } } catch (PDOException $e) { // In a real app, you'd log this error. $error = 'An error occurred. Please try again later.'; } } } $page_title = 'Admin Login'; require_once __DIR__ . '/header.php'; ?>