prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['user_id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
// Redirect based on role
if ($user['role'] === 'accountant') {
header("Location: dashboard.php");
} elseif ($user['role'] === 'md') {
header("Location: md_dashboard.php");
} else {
header("Location: dashboard.php");
}
exit;
} else {
$errors[] = "Invalid username or password.";
}
} catch (PDOException $e) {
$errors[] = "Database error: " . $e->getMessage();
}
}
?>
Login - Procurement System