real_escape_string($_POST['username']); $password = $_POST['password']; $sql = "SELECT * FROM tb_admin WHERE username='$username'"; $result = $conn->query($sql); if($result && $result->num_rows > 0){ $row = $result->fetch_assoc(); if(password_verify($password, $row['password'])){ $_SESSION['username'] = $username; $_SESSION['role'] = $row['role']; header("Location: index.php"); exit; } else { $error = true; } } else { $error = true; } } ?>