prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if($stmt->execute()){
// Check if username exists, if yes then verify password
if($stmt->rowCount() == 1){
if($row = $stmt->fetch()){
$id = $row["id"];
$username = $row["username"];
$hashed_password = $row["password"];
$role = $row["role"];
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
$_SESSION["role"] = $role;
// Redirect user to welcome page
header("location: /en/index.html");
} else{
// Display an error message if password is not valid
$err = "The username or password you entered was not valid.";
}
}
} else{
// Display an error message if username doesn't exist
$err = "The username or password you entered was not valid.";
}
} else{
echo "Oops! Something went wrong.";
}
// Close statement
unset($stmt);
}
}
}
?>
Department of Physics of Nanostructures and Nanotechnology