<?php $error_msg = ''; if(isset($_POST['login'])){include('include

1. <?php
2.  
3. $error_msg = '';
4.    
5. if(isset($_POST['login'])){
6.  
7. include('include/connection.inc.php');
8.  
9.     $username = mysqli_real_escape_string($conn, $_POST['username']);
10.     $password = mysqli_real_escape_string($conn, $_POST['password']);
11.  
12.  
13. if(empty($username) || empty($password))
14.     $error_msg = 'All fields must be filled';
15.  
16. else {
17.  
18.     $sql = "SELECT * FROM users WHERE username = '$username'";
19.     $result = mysqli_query($conn, $sql);
20.     $row = mysqli_fetch_assoc($result);
21.     $pwdCheck = password_verify($password, $row['password']);
22.  
23.     if($pwdCheck){
24.  
25.         session_start();
26.         $_SESSION['username'] = $row['username'];
27.         $_SESSION['firstname'] = $row['firstname'];
28.         $_SESSION['lastname'] = $row['lastname'];
29.         header('Location: index.php');
30.  
31.     } else $error_msg = 'Username or password incorrect';
32.  
33.  
34. }
35.  
36. }
37.  
38. ?>