Admin Login

prepare("SELECT id, username, password, role, is_active FROM users WHERE username = ? OR email = ?"); $stmt->execute([$username, $username]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user && password_verify($password, $user['password'])) { if ($user['is_active'] == 1) { // Regenerate session ID to prevent fixation session_regenerate_id(true); $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['user_role'] = $user['role']; $_SESSION['logged_in'] = true; // Set session expiration if ($remember_me) { // 30 days for "remember me" $_SESSION['expire_time'] = time() + (30 * 24 * 60 * 60); } else { // 1 hour for normal session $_SESSION['expire_time'] = time() + (60 * 60); } // Create session record $session_token = bin2hex(random_bytes(32)); $ip_address = $_SERVER['REMOTE_ADDR']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $expires_at = date('Y-m-d H:i:s', $_SESSION['expire_time']); $stmt = $DBcon->prepare("INSERT INTO user_sessions (user_id, session_token, ip_address, user_agent, expires_at) VALUES (?, ?, ?, ?, ?)"); $stmt->execute([$user['id'], $session_token, $ip_address, $user_agent, $expires_at]); $_SESSION['session_token'] = $session_token; redirect('dashboard.php'); } else { $errors[] = "Your account has been deactivated."; } } else { $errors[] = "Invalid username or password."; } } catch (PDOException $e) { $errors[] = "Login failed. Please try again."; } } } } ?> Admin Login

Sign in to continue.