prepare("SELECT id, username, password, role FROM users WHERE username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['user_role'] = $user['role'];
// For admin panel security features
if ($user['role'] === 'admin') {
$_SESSION['admin_ip_address'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['last_activity'] = time();
}
header("Location: index.php");
exit;
} else {
$errors[] = 'Invalid username or password.';
}
} catch (PDOException $e) {
$errors[] = "Database error: " . $e->getMessage();
}
}
}
?>
Login - <?php echo htmlspecialchars($_SERVER['PROJECT_NAME'] ?? 'Web Directory'); ?>