prepare($sql); $stmt->execute([$email]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user && password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['user_name'] = $user['name']; $_SESSION['user_role'] = $user['role']; header("Location: index.php"); exit(); } else { header("Location: login.php?error=Invalid credentials"); exit(); } } catch (PDOException $e) { header("Location: login.php?error=" . urlencode($e->getMessage())); exit(); } } else { header("Location: login.php?error=Email and password are required"); exit(); } } ?>