<?php$error = '';include('include/connection.inc.php');session_start();

1. <?php
2.  
3. $error = '';
4. include('include/connection.inc.php');
5. session_start();
6.  
7. if(isset($_POST['login'])) {
8.    
9.    $username = mysqli_real_escape_string($connection, $_POST['username']);
10.    $password = mysqli_real_escape_string($connection, $_POST['password']);
11.    
12.    
13.  
14.     if(empty($username) || empty($password)) {
15.        
16.         $error = 'Username or password cannot be empty';
17.     } else{
18.            
19.             $sql = "SELECT * FROM users WHERE username='$username'";
20.             $result = mysqli_query($connection, $sql);
21.            
22.            
23.             $row = mysqli_fetch_assoc($result);
24.            
25.            
26.             $hashedPwdCheck = password_verify($password, $row['password']);
27.            
28.             if($hashedPwdCheck){
29.                
30.                 $_SESSION['username'] = $row['username'];
31.                 $_SESSION['password'] = $row['password'];
32.                 header("Location: dashboard.php");
33. } else {
34.                
35.                 $error = 'Username or password incorrect';
36.             }
37.  
38.     }
39.    
40. }
41. ?>