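prepare($sql);
// Login handler followed by the "already logged in" dispatch. The start of
// this statement and the opening of the enclosing block are outside this copy
// of the page; $sql, $username, $usertype and $password are defined there.
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();

// The lookup binds the username only, so a returned row means the account
// exists; the password itself is checked separately below.
if ($result->num_rows > 0) {
    $row = $result->fetch_assoc();
    $stored_password = $row['password'];
    $availability = $row['availability'];

    // Strict comparison: this only matches when the column comes back as an
    // integer. NOTE(review): confirm the driver returns native types here.
    if ($availability === 1) {
        $submitted_password = $_POST['password'] ?? '';

        // Type guards keep a missing or array-valued form field, or a NULL
        // stored value, from ever counting as a match.
        $hash_matches = is_string($submitted_password)
            && is_string($stored_password)
            && password_verify($submitted_password, $stored_password);

        // NOTE(review): legacy fallback that accepts a stored value equal to
        // $password, i.e. an unhashed password in the database. It is kept for
        // compatibility but compared in constant time; such accounts should be
        // migrated to password_hash() and this branch removed.
        $plaintext_matches = !$hash_matches
            && isset($password, $stored_password)
            && is_string($password)
            && is_string($stored_password)
            && hash_equals($stored_password, $password);

        if ($hash_matches || $plaintext_matches) {
            // Issue a fresh session id on privilege change so an id that was
            // fixed before login cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $username;
            $_SESSION['usertype'] = $usertype;
            $_SESSION['uid'] = $row['u_id'];
            header('Location: ../index.php');
            exit();
        }
        // NOTE(review): a wrong password for an enabled account is not
        // redirected or reported here; execution continues with the code
        // below. Confirm that this is intended.
    } else {
        // NOTE(review): this branch runs before any password check, so the
        // message confirms to an unauthenticated caller that the account
        // exists. The error text is URL-encoded so that the Location header
        // carries a well-formed query string.
        header(
            'Location: password.php?error='
            . urlencode('Cannot login. Please contact the administrator.')
            . '&username=' . urlencode($username)
        );
        exit();
    }
} else {
    header(
        'Location: password.php?error=' . urlencode('Invalid password')
        . '&username=' . urlencode($username)
    );
    exit();
}
} // closes a block opened before the start of this copy of the page

// Check if the user is already logged in
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    // Dispatch on the user type stored in the session. The echoed strings are
    // empty in this copy of the page.
    $session_usertype = $_SESSION['usertype'] ?? null;

    if ($session_usertype === 'buyer') {
        echo "";
    }
    if ($session_usertype === 'seller') {
        echo "";
    }
    if ($session_usertype === 'admin') {
        echo "";
    }
    if ($session_usertype === 'guide') {
        echo "";
    }
} else {
    echo "";
}
?>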