prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$res = $stmt->get_result();
if ($res->num_rows === 1) {
$user = $res->fetch_assoc();
if (password_verify($password, $user['password'])) {
session_regenerate_id(true); // 🔒 Secure session
$_SESSION['user'] = $user['username'];
header("Location: dashboard.php");
exit();
} else {
$error = "❌ Incorrect password.";
}
} else {
$error = "❌ User not found.";
}
}
?>
Login