prepare("SELECT * FROM users WHERE username = ?"); // bound placeholder: $username is never concatenated into the SQL text
        // NOTE(review): this listing begins mid-statement; the receiver of prepare() and the
        // opening of the enclosing `try` and outer block are not visible here.
        // NOTE(review): SELECT * returns every column of the row, but only id, username, role
        // and password are read below; naming those columns would keep unused fields out of memory.
        $stmt->execute([$username]);
        $user = $stmt->fetch();

        // Both "no row for this username" (falsy $user) and "wrong password" fall through to
        // the same else branch, so the redirect itself does not reveal which one happened.
        // NOTE(review): password_verify() is skipped when no row matched, so the two cases may
        // still differ in response time; verifying against a fixed dummy hash when $user is
        // falsy would even that out.
        if ($user && password_verify($password, $user['password'])) {
            // Identity and role are copied from the database row, not from request input.
            // NOTE(review): the role is fixed in the session at login; whether later role
            // changes or account disabling are re-checked per request is not visible here.
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['role'] = $user['role'];
            // Issue a fresh session ID and delete the old session (argument true), so an ID
            // that was known before authentication does not carry the logged-in state
            // (session-fixation defence). The $_SESSION values set above are kept.
            session_regenerate_id(true);
            log_activity($user['id'], 'User Login', 'User ' . $user['username'] . ' logged in.');
            // Write the session data out before redirecting.
            session_write_close();
            header('Location: ../index.php');
            exit(); // stop here so nothing else runs after the redirect header
        } else {
            // NOTE(review): failed attempts are not passed to log_activity() and no throttling
            // or lockout is visible in this fragment; recording failures (without the submitted
            // password) would give brute-force detection something to work from.
            header('Location: ../login.php?error=invalid_credentials');
            exit();
        }
    } catch (PDOException $e) {
        // Log the error instead of showing it to the user: the exception message goes to the
        // server error log, while the browser only receives the generic db_error code.
        error_log('Authentication error: ' . $e->getMessage());
        header('Location: ../login.php?error=db_error');
        exit();
    }
}
?>