prepare("SELECT * FROM users WHERE email = ?"); $stmt->execute([$email]); $user = $stmt->fetch(); if ($user && password_verify($password, $user['password'])) { // Add this block to check user status if ($user['status'] !== 'active') { $_SESSION['login_error'] = 'Your account is inactive. Please contact an administrator.'; header('Location: index.php'); exit; } $_SESSION['user_id'] = $user['id']; $_SESSION['user_name'] = $user['name']; $_SESSION['user_role'] = $user['role']; header('Location: admin.php'); exit; } else { $_SESSION['login_error'] = 'Invalid email or password.'; header('Location: index.php'); exit; } }