<?phprequire 'db2.php'$email = $mysqli->escape_string($_POST['email']);

1. <?php
2.  
3. require 'db2.php'
4.  
5. $email = $mysqli->escape_string($_POST['email']);
6. $result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
7.  
8. if ( $result->num_rows == 0 ){
9. $_SESSION['message'] = "User with that email doesn't exist!";
10. header("location: error.php");
11. }
12. else {
13. $user = $result->fetch_assoc();
14.  
15. if ( password_verify($_POST['password'], $user['password'])){
16. $_SESSION['email'] = $user['email'];
17. $_SESSION['first_name'] = $user['first_name'];
18. $_SESSION['last_name'] = $user['last_name'];
19. $_SESSION['active'] = $user['active'];
20. $_SESSION['logged_in'] = true;
21. header("location: profile.php");
22. }
23. else {
24. $_SESSION['message'] = "You have entered a wrong password, please try again!";
25. header("location: error.php");
26. }
27. }
28. ?>