prepare("SELECT * FROM users WHERE email = ? LIMIT 1"); $stmt->execute([$email]); $user = $stmt->fetch(); if (!$user || !password_verify($password, $user['password'])) { // Tambah sedikit delay untuk mencegah brute force sleep(1); header('Location: ' . BASE_URL . '/admin/login.php?error=invalid&email=' . urlencode($email)); exit; } loginUser($user); header('Location: ' . BASE_URL . '/admin/'); exit;