prepare("SELECT * FROM users WHERE username = ?"); $stmt->execute([$username]); $user = $stmt->fetch(); if ($user && password_verify($password, $user['password'])) { // Capture and update IP correctly $user_ip = $_SERVER['REMOTE_ADDR']; if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); $user_ip = trim($ips[0]); } $pdo->prepare("UPDATE users SET last_ip = ? WHERE id = ?")->execute([$user_ip, $user['id']]); $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['uid'] = $user['uid']; header("Location: index.php"); exit; } else { $error = __('invalid_credentials'); } } ?>