prepare("SELECT id, username, password FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $input, $input);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $username, $hashed_password);
$stmt->fetch();
// Verify password
if (password_verify($password, $hashed_password)) {
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $username;
header("Location: user.php");
exit;
} else {
$error = "Invalid password!";
}
} else {
$error = "User not found!";
}
$stmt->close();
}
}
?>
Login