prepare($sql); $stmt->execute(['username' => $username]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user && is_array($user)) { if (password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; $_SESSION['nama_masjid'] = $user['nama_masjid'] ?? ''; if (in_array($user['role'], ['admin', 'walikota'])) { header("Location: dashboard.php"); } else { header("Location: index.php"); } exit; } else { header("Location: login.php?error=invalid"); exit; } } else { header("Location: login.php?error=invalid"); exit; } } else { header("Location: login.php"); exit; } ?>