prepare($sql); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); $user = $result->fetch_assoc(); if ($user && is_array($user)) { if (password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; $_SESSION['nama_masjid'] = $user['nama_masjid'] ?? ''; if (in_array($user['role'], ['admin', 'walikota'])) { header("Location: dashboard.php"); } else { header("Location: index.php"); } exit; } else { header("Location: login.php?error=invalid"); exit; } } else { header("Location: login.php?error=invalid"); exit; } } else { header("Location: login.php"); exit; } ?>