prepare('SELECT * FROM users WHERE username = ? OR email = ? LIMIT 1');
$stmt->execute([$username, $username]);
$user = $stmt->fetch();
if (!$user || !password_verify($password, $user['password_hash'])) {
$error = 'Invalid username or password.';
} elseif (!$user['email_confirmed']) {
$error = 'Please confirm your email address before logging in. Check your inbox for the confirmation link.';
} else {
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['email'] = $user['email'];
$_SESSION['role'] = $user['role'];
$_SESSION['display_name'] = $user['display_name'] ?? $user['username'];
$_SESSION['rosary_limit'] = (int)$user['rosary_limit'];
header('Location: ' . BASE_URL . '/admin/');
exit;
}
}
}
$confirmed_msg = isset($_GET['confirmed']) ? 'Email confirmed! You can now log in.' : '';
$reset_msg = isset($_GET['reset']) ? 'Password reset successfully. Please log in.' : '';
?>
Login — <?= htmlspecialchars(get_setting('site_name', APP_NAME)) ?>