real_escape_string($username); $sql = "SELECT * FROM users WHERE username = '$username_esc'"; $result = $conn->query($sql); if ($result->num_rows > 0) { $user = $result->fetch_assoc(); if (password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; $_SESSION['nama_masjid'] = $user['nama_masjid'] ?? ''; // Arahkan ke dashboard jika admin/walikota, ke peta jika warga if (in_array($user['role'], ['admin', 'walikota'])) { header("Location: dashboard.php"); } else { header("Location: index.php"); } exit; } else { header("Location: login.php?error=invalid"); exit; } } else { header("Location: login.php?error=invalid"); exit; } } else { header("Location: login.php"); exit; } ?>