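$captcha_secret, 'response' => $captcha, 'remoteip' => $_SERVER['REMOTE_ADDR'] ?? null ]);
            // The line above finishes a call that opens before this excerpt; it is kept verbatim.

            $captcha_response = curl_exec($ch);
            curl_close($ch);

            // Fail closed: curl_exec() yields a non-string on transport failure (or when the
            // transfer is not returned as a string), and json_decode() yields null on a
            // malformed body. Either case leaves $captcha_success false.
            $captcha_data = is_string($captcha_response)
                ? json_decode($captcha_response, true)
                : null;
            $captcha_success = is_array($captcha_data) && !empty($captcha_data['success']);
        }
    }

    if (!$captcha_success) {
        $errors[] = "CAPTCHA verification failed.";
    }

    // 3. Authentication
    // Runs only when every earlier check passed, so a failed CAPTCHA never reaches the database.
    if (empty($errors)) {
        try {
            $conn = getConnection();

            // Bound parameters keep the submitted identifier out of the SQL text.
            $stmt = $conn->prepare("
                SELECT id, username, password, uniqueid
                FROM users
                WHERE email = :email OR username = :username
                LIMIT 1
            ");
            $stmt->execute([
                'email'    => $user,
                'username' => $user
            ]);

            $result = $stmt->fetch(PDO::FETCH_ASSOC);

            // NOTE(review): password_verify() runs only when a row was found, so response time
            // may differ between known and unknown accounts. Consider verifying against a fixed
            // dummy hash when no row matches. Throttling of failed attempts is not visible in
            // this excerpt; confirm it exists elsewhere.
            if ($result && password_verify($password, $result['password'])) {
                // Regenerate session ID on login to prevent session fixation;
                // `true` also deletes the old session data.
                session_regenerate_id(true);

                $_SESSION['user_id']  = $result['id'];
                $_SESSION['username'] = $result['username'];
                $_SESSION['uniqueid'] = $result['uniqueid'];

                header("Location: /home.php");
                exit;
            } else {
                // One message for "unknown account" and "wrong password" avoids telling the
                // client which identifiers exist.
                $errors[] = "Invalid email/username or password.";
            }
        } catch (Exception $e) {
            // Keep driver/SQL details in the server log only. The error list is stored in the
            // session for the landing page, so the raw exception text must not be placed in it.
            error_log('Login failed due to a database error: ' . $e->getMessage());
            $errors[] = "An internal error occurred. Please try again later.";
        }
    }

    // If failed: hand the collected messages to the landing page via the session.
    // NOTE(review): landing.php should HTML-escape login_error before printing it.
    $_SESSION['login_error'] = implode("\n", $errors);
    header("Location: /landing.php");
    exit;
}
?>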