<?phpsession_start();include_once 'dbconnect.php';if ($_SERVER['REQU

1. <?php
2. session_start();
3.  
4. include_once 'dbconnect.php';
5.  
6.  
7. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
8.  
9. $options = [
10. 'cost' => 12,
11. ];
12.  
13. $email = mysqli_real_escape_string($con, $_POST['email']);
14. $password = password_hash($con, $_POST['password'], PASSWORD_BCRYPT, $options);
15.  
16.  
17. $result = mysqli_query($con, "SELECT * FROM `users` WHERE `email` = '" . $email. "' and `password` = '" . $password . "'");
18.  
19. if(count($result) > 0 && password_verify($_POST['password'], $result['password']) ){
20.  
21. $_SESSION['user_id'] = $result['id'];
22. header("Location: admin_site/panel.php");
23. exit();
24.  
25. } else {
26. $message = 'Invalid pass or email';
27. }
28.  
29.  
30. }
31. ?>