login

<?php
    $server = 'localhost';
    $username = 'username';
    $password = 'password';
    $db = 'database';

    $conn = mysqli_connect($server,$username,$password,$db);
    if(!$conn){
    die("Connection Failed!:".mysqli_connect_error());
}
?>

<?php session_start();
     if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { //TO CHECK IF LAST REQUEST WAS MORE THAN 30 SECONDS AGO
    session_unset();     // unset $_SESSION variable for the run-time
    session_destroy();   // destroy session data in storage, log out user
    }
    $_SESSION['LAST_ACTIVITY'] = time(); // UPDATE LAST ACTIVITY STAMP
?>
<!--you can puth the above two php code in seperate files and include them at the top of every page-->

<?php
    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {  //if a user is logged in
        echo "<script type='text/javascript'> document.location = 'panel.php'; </script>"; //using javscript to redirect
      //  header('Location: panel.php');  //using php to redirect
        //you may choose any of the two redirect options above
    } else { //IF NO USER LOGGED IN
        //do nothing
    }
    //this php code above detects if a user is logged in and session is true
?>

 <?php
if(isset($_POST{'signin_submit'})){ //IF LOGIN BTN WAS CLICKED AND SENT TO THIS PAGE
    if(!empty($_POST{'user_email'}) && !empty($_POST{'user_password'})){ //CHECK IF EMAIL AND PASSWORD IS NOT EMPTY
        $get_user_email = $_POST['user_email'];
        $get_user_email = mysqli_real_escape_string($conn,$get_user_email);
        $get_password = $_POST['user_password'];
        $sql = "SELECT * FROM users WHERE email = '$get_user_email' AND password = '$get_password'";
        if($result1 = mysqli_query($conn,$sql)){ //FOR USERS IF THERE IS CONNECTION TO THE DATABASE WHERE EMAIL AND PASSWORD IS AVAILABLE
            if(mysqli_num_rows($result1) == 1){ //IF NO. OF ROWS WITH ABOVE QUERY IS JUST ONE
                 $_SESSION['loggedin'] = true;
                $_SESSION['user_email'] = $get_user_email; // $username coming from the form, such as $_POST['username']
                $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
               // $inno_sql = mysqli_query($conn,$sql);
                while($rows = mysqli_fetch_assoc($result1)){ //RETRIEVE USER DETAILS
                    //this session variables below can be used in the entire application to represent the users data it equates to
                    $_SESSION['name'] = $rows['name'];
                    $_SESSION['id'] = $rows['id'];
                    $_SESSION['created_at'] = $rows['created_at'];
                    $_SESSION['updated_at'] = $rows['updated_at'];
                }
                header('Location: dashboard.php');

            } else{
                echo "<script type='text/javascript'> document.location = 'signin.php?login_error=wrong'; </script>";
              //  header('Location: signin.php?login_error=wrong');
            } //
        } else{ //if sql query is incorrect
            header('Location: signin.php?login_error=query_error');
        }
    }else{ //if email or password is empty
        header('Location: signin.php?login_error=empty');
    }
}else{
    $login_err = ''; //set this variable to empty string if there is no login request
}
        if(isset($_GET['login_error'])){ //TO OUTPUT LOGIN ERROR
            if($_GET['login_error'] == 'empty'){  //LOGIN ERROR FOR EMPTY
                $login_err = "<div class='alert alert-danger'>Email or password was empty!</div>";
            }elseif($_GET['login_error'] == 'wrong'){ //LOGIN ERROR FOR INVALID DETAILS
                $login_err = "<div class='alert alert-warning'>Invalid email or password!</div>";
            }
        }
   echo $login_err;  //show login error in browser
?>