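prepare($sql)){
    // NOTE(review): this listing starts mid-statement. The object prepare() is
    // called on, $sql and $password are all defined before the visible code, and
    // the trailing braces close blocks that were opened there.
    //
    // Login handler: looks the submitted username up with a prepared statement,
    // verifies the password hash, records the outcome in the session and
    // redirects to index.php.

    // Bind the username as a named parameter so it is never spliced into the SQL
    // text. bindParam() binds by reference: the value is read at execute() time,
    // which is why the variable can be assigned on the next line.
    $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
    $param_username = trim($_POST["prihlasovaciJmeno"]);

    $authenticated = false;

    if($stmt->execute()){
        // NOTE(review): PDOStatement::rowCount() is not guaranteed to report the
        // row count of a SELECT on every driver; confirm for the driver in use.
        // A failed fetch() is now treated as a failed login. The original fell
        // through silently, with no session flag and no redirect.
        if($stmt->rowCount() === 1 && ($row = $stmt->fetch())){
            $id = $row["id"];
            $username = $row["nick"];
            $hashed_password = $row["password"];

            $authenticated = password_verify($password, $hashed_password);
        }

        if(!$authenticated){
            // Same message for an unknown username and a wrong password, so the
            // response does not reveal which of the two was incorrect.
            $login_err = "Invalid username or password.";
        }
    }

    // Close statement
    unset($stmt);

    // Every path below records its outcome in the session.
    session_start();

    if($authenticated){
        // Issue a fresh session ID when the session becomes authenticated, so an
        // ID that was known before login cannot be reused (session fixation).
        session_regenerate_id(true);

        $_SESSION["loggedin"] = true;
        $_SESSION["id"] = $id;
        $_SESSION["username"] = $username;
    }

    // wrongCr tells index.php whether the last attempt used wrong credentials.
    $_SESSION["wrongCr"] = !$authenticated;

    // A Location header does not stop the script; exit so nothing after this
    // point runs or is sent along with the redirect.
    header("location: index.php");
    exit;
}
}

// Close connection
unset($pdo);
}
?>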