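// NOTE(review): this excerpt begins mid-statement. The object prepare() is called on,
// and the openers of the three blocks closed further down, are outside the visible text.
prepare($query);
// The submitted username is bound as a parameter ("s" = string), so it never
// becomes part of the SQL text itself.
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();

// Exactly one matching row is required; zero or several rows are treated as a failed login.
if ($result->num_rows === 1) {
    $user = $result->fetch_assoc();

    // Verify password
    if (password_verify($password, $user['password'])) {
        // Regenerate session ID to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['last_activity'] = time();
        header("Location: dashboard.php");
        // Stop here so nothing below runs or is sent after the redirect header.
        exit();
    } else {
        $error = "Invalid username or password.";
        // Log failed attempt. The username is attacker-controlled, so control
        // characters (CR, LF, NUL, ...) are replaced and the length is capped before
        // it reaches the log; otherwise a crafted value could forge or split log entries.
        $loggedUsername = substr(
            preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $username) ?? '',
            0,
            100
        );
        error_log("Failed login attempt for user: " . $loggedUsername);
    }
} else {
    // Same message as the wrong-password branch, so the response text does not
    // reveal whether the account exists.
    // NOTE(review): no password_verify() call happens on this path, so response time
    // may still differ from the wrong-password case, and this failure is not logged.
    // Consider verifying against a fixed dummy hash and logging here as well.
    $error = "Invalid username or password.";
}
$stmt->close();
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

// Generate CSRF token: 32 bytes from random_bytes(), hex-encoded, created once per session.
// NOTE(review): where the token is checked is not visible in this excerpt; the
// comparison on submit should use hash_equals().
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?> Login - Kayal Aqua 2025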
close(); ?>