connect_error) die("Connection failed: " . $conn->connect_error);
// Handle form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$userId = trim($_POST['user_id'] ?? '');
$password = $_POST['pwd'] ?? '';
if (empty($userId) || empty($password)) {
echo "Please fill in all fields.
";
} else {
// Prepare statement to prevent SQL injection
$stmt = $conn->prepare("SELECT * FROM " . $GLOBALS['arif_users'] . " WHERE user_id = ?");
$stmt->bind_param("s", $userId);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 1) {
$user = $result->fetch_assoc();
if (password_verify($password, $user['password'])) {
// Login successful
$_SESSION['user_id'] = $user['user_id'];
$_SESSION['type'] = $user['type'];
echo "Login successful. Redirecting...
";
echo "";
} else {
echo "Invalid password.
";
}
} else {
echo "No account found with this User ID.
";
}
$stmt->close();
}
}
?>