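prepare("SELECT * FROM users WHERE username = ? AND role = ?");
            // NOTE(review): this listing begins mid-statement; the receiver of
            // prepare() and the enclosing try/if blocks are not visible here.
            // Username and role are bound as parameters, never concatenated
            // into the SQL text.
            $stmt->execute([$username, $login_role]);
            $user = $stmt->fetch();

            if ($user && password_verify($password, $user['password'])) {
                // Password is correct. Issue a fresh session ID before storing
                // the identity, so an ID that existed before authentication
                // cannot be carried over into the logged-in session (session
                // fixation). Assumes session_start() ran earlier in the file.
                session_regenerate_id(true);

                // Identity and role come from the database row, not from the
                // submitted form values.
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['role'] = $user['role'];
                $_SESSION['full_name'] = $user['full_name'];

                // Redirect to a dashboard page based on role
                if ($user['role'] === 'guru') {
                    header("Location: dashboard_guru.php");
                } else {
                    header("Location: dashboard_siswa.php");
                }
                // Stop here so nothing below runs after the redirect header.
                exit();
            } else {
                // Use a generic error message to avoid user enumeration.
                // NOTE(review): password_verify() is skipped when no row
                // matches, so response time can still differ between unknown
                // and known usernames; the message alone does not remove that.
                $error_message = "Username atau password salah.";
            }
        } catch (PDOException $e) {
            // Record the driver error in the server log only; the user sees
            // a generic message without database details.
            error_log("Login failed: " . $e->getMessage());
            $error_message = "Terjadi kesalahan pada sistem. Silakan coba lagi nanti.";
        }
    }
}
?>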