setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $connection->prepare("SELECT * FROM utenti WHERE user = :username AND password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
$user = $stmt->fetch();
if ($user) {
if ($user['llivello'] == 0) {
$_SESSION['user_id'] = $user['idut'];
$_SESSION['username'] = $user['user'];
$_SESSION['livello'] = $user['livello'];
$_SESSION["login"] = true;
header('Location: dashboard.php');
} else {
$_SESSION["error"] = "Invalid username or password.";
}
} else {
$_SESSION["error"] = "Utente non trovato.";
}
} catch (PDOException $e) {
$error = "Error: " . $e->getMessage();
}
}
?>
Login
Login