/*
 * Password step of a two-step login: look the account up by e-mail, check the
 * password, then stage the session for the second-factor page.
 *
 * NOTE(review): this excerpt begins mid-statement. The receiver of prepare(),
 * the assignment to $stmt, any session start-up and the condition opened by
 * the final closing brace are not visible here, so nothing below relies on them.
 */
prepare("SELECT * FROM users WHERE email = ?");
// The e-mail is bound to the placeholder rather than concatenated into the SQL text.
// NOTE(review): $_POST['email'] and $_POST['password'] are read without a presence
// or type check in the visible code; a request that omits them or sends an array
// reaches execute() / password_verify() unchanged.
$stmt->execute([$_POST['email']]);
$user = $stmt->fetch();
// $user is tested for truthiness first, so password_verify() only runs when a row
// came back. Both failure paths end in the same generic message below.
// NOTE(review): because the hash check is skipped when no row matched, response
// time can still differ between known and unknown addresses. No attempt limiting
// is visible in this excerpt; confirm it is enforced elsewhere.
if ($user && password_verify($_POST['password'], $user['password_hash'])) {
    // NOTE(review): no session_regenerate_id() call is visible between the password
    // check and these writes. If the id is not rotated elsewhere, a session id fixed
    // before login stays valid afterwards; confirm where rotation happens.
    $_SESSION['user_id'] = $user['id'];
    // NOTE(review): the long-lived TOTP secret is copied into session storage.
    // Consider having the verification page load it by user_id instead, so the
    // secret is not duplicated into every session record.
    $_SESSION['totp_secret'] = $user['totp_secret'];
    // The second factor is still pending at this point.
    // NOTE(review): user_id and user_role are already set, so every protected page
    // must check this flag and not only the presence of user_id.
    $_SESSION['2fa_verified'] = false;
    // Falls back to 'Client' when the row carries no user_role value.
    $_SESSION['user_role'] = $user['user_role'] ?? 'Client';
    header('Location: verify_2fa.php');
    // Stop here so nothing further runs or is sent after the redirect header.
    exit;
} else {
    // Same text for an unknown e-mail and a wrong password.
    $message = "Invalid credentials.";
}
// Closes a block opened before the start of this excerpt.
}
?>