prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute([':username' => $username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
if ($user['role'] === 'customer' && $user['phone_verified_at']) {
$verification_code = str_pad(rand(0, 999999), 6, '0', STR_PAD_LEFT);
$stmt = $pdo->prepare('UPDATE users SET two_factor_secret = ? WHERE id = ?');
$stmt->execute([$verification_code, $user['id']]);
require_once 'mail/SmsService.php';
SmsService::sendSms($user['phone_number'], "Your login code is: {$verification_code}");
$_SESSION['user_id_2fa'] = $user['id'];
header('Location: login_2fa.php');
exit;
} else {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
header('Location: ' . ($user['role'] === 'admin' ? 'admin/index.php' : 'profile.php'));
exit;
}
} else {
$error_message = 'Invalid username or password.';
}
} catch (PDOException $e) {
error_log('Login Error: ' . $e->getMessage());
$error_message = 'An error occurred. Please try again later.';
}
}
}
?>
Login - rfresh
Welcome Back
OR
Don't have an account? Sign Up