if(empty($username_err) && empty($password_err)){ // Prepare a select s

1. if(empty($username_err) && empty($password_err)){
2. // Prepare a select statement
3. $sql = "SELECT id, username, pasword FROM users WHERE username = ?";
4. s
5. if($stmt = mysqli_prepare($link, $sql)){
6. // Bind variables to the prepared statement as parameters
7. mysqli_stmt_bind_param($stmt, "s", $param_username);
8.  
9. // Set parameters
10. $param_username = $username;
11.  
12. // Attempt to execute the prepared statement
13. if(mysqli_stmt_execute($stmt)){
14. // Store result
15. mysqli_stmt_store_result($stmt);
16.  
17. // Check if username exists, if yes then verify password
18. if(mysqli_stmt_num_rows($stmt) == 1){
19. // Bind result variables
20. mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $user_type_value);
21. if(mysqli_stmt_fetch($stmt)){
22. if(password_verify($password, $hashed_password)){
23. // Password is correct, so start a new session
24. session_start();
25.  
26. // Store data in session variables
27. $_SESSION["loggedin"] = true;
28. $_SESSION["id"] = $id;
29. $_SESSION["username"] = $username;
30. $_SESSION["user_type_value"] = $user_type_value;
31.  
32. // Redirect user to welcome page
33. header("location: welcome.php");
34. } else{
35. // Display an error message if password is not valid
36. $password_err = "The password you entered was not valid.";
37. }
38. }
39. } else{
40. // Display an error message if username doesn't exist
41. $username_err = "No account found with that username.";
42. }
43. } else{
44. echo "Oops! Something went wrong. Please try again later.";
45. }