prepare("SELECT id, username, password_hash FROM user WHERE username = ?"); $stmt->execute([$username]); $user = $stmt->fetch(); if ($user && password_verify($password, $user['password_hash'])) { session_regenerate_id(true); $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; header('Location: ' . $config->basePath); exit; } else { $error = 'Invalid username or password'; } } $csrf_token = generateCsrfToken(); ?>
= htmlspecialchars($error) ?>