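$email));

    // Login handler: look up the account by email, verify the password, and
    // establish the authenticated session. Every failure is raised as an
    // exception; the catch block copies its message into $error for display.
    try {
        if ($email === '' || $password === '') {
            throw new RuntimeException('Please enter email and password.');
        }

        // $map gives the actual column name for each logical field
        // (id/name/email/password/role); an entry is falsy when unmapped.
        $cols = om_detect_columns($db, 'users');
        if (!$cols) {
            throw new RuntimeException('Users table not found.');
        }
        $map = om_select_user_columns($cols);
        if (!$map['email'] || !$map['password']) {
            throw new RuntimeException('Required user columns are missing.');
        }

        // Select each mapped column exactly once, skipping unmapped fields.
        $selectCols = array();
        foreach (array($map['id'], $map['name'], $map['email'], $map['password'], $map['role']) as $c) {
            if ($c && !in_array($c, $selectCols, true)) {
                $selectCols[] = $c;
            }
        }
        $quoted = array();
        foreach ($selectCols as $c) {
            $quoted[] = '`' . $c . '`';
        }

        // Identifiers cannot be bound as parameters, so the column names are
        // interpolated; the user-supplied email is bound via the placeholder.
        // NOTE(review): confirm om_detect_columns()/om_select_user_columns()
        // can never yield a name containing a backtick.
        $sql = "SELECT " . implode(', ', $quoted) . " FROM `users` WHERE `{$map['email']}` = ? LIMIT 1";
        $stmt = $db->prepare($sql);
        if (!$stmt) {
            throw new RuntimeException('Login query could not be prepared.');
        }
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $user = $stmt->get_result()->fetch_assoc();
        $stmt->close();

        // Same message for "no such user" and "wrong password" so the form
        // does not reveal which emails are registered.
        if (!$user) {
            throw new RuntimeException('Invalid email or password.');
        }

        $stored = isset($user[$map['password']]) ? (string)$user[$map['password']] : '';

        // Verify against the stored hash first.
        $ok = password_verify($password, $stored);

        // Legacy fallback for rows that still hold a plaintext password. It is
        // only allowed when the stored value is NOT a recognised
        // password_hash() string: comparing the submitted password directly
        // against a stored hash would let anyone who obtained the hash log in
        // with it, defeating the point of hashing.
        // NOTE(review): plaintext rows should be migrated to password_hash()
        // and this fallback removed.
        if (!$ok) {
            $info = password_get_info($stored);
            $isPasswordHash = !empty($info['algo']);
            if (!$isPasswordHash) {
                $ok = hash_equals($stored, $password);
            }
        }
        if (!$ok) {
            throw new RuntimeException('Invalid email or password.');
        }

        // Issue a fresh session ID at the moment of authentication so an ID
        // that existed before login cannot be reused (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Store only the fields the application needs; unmapped or missing
        // columns fall back to null / '' / the submitted email / 'user'.
        $_SESSION['user'] = array(
            'id'    => $map['id'] ? (isset($user[$map['id']]) ? $user[$map['id']] : null) : null,
            'name'  => $map['name'] ? (isset($user[$map['name']]) ? $user[$map['name']] : '') : '',
            'email' => isset($user[$map['email']]) ? $user[$map['email']] : $email,
            'role'  => $map['role'] ? (isset($user[$map['role']]) ? $user[$map['role']] : 'user') : 'user',
        );
        om_clear_old();

        // Route by role (case-insensitive); anything else goes to /dashboard.
        // NOTE(review): this relies on om_redirect() ending the request;
        // otherwise the later redirects would run as well. Confirm.
        $role = strtolower((string)$_SESSION['user']['role']);
        if ($role === 'publisher') {
            om_redirect('/publisher');
        }
        if ($role === 'advertiser') {
            om_redirect('/advertiser');
        }
        om_redirect('/dashboard');
    } catch (Throwable $e) {
        // NOTE(review): this also displays messages from exceptions that were
        // not thrown above (for example database driver errors). Consider
        // logging those server-side and showing a generic message instead.
        $error = $e->getMessage();
    }
}

om_page_header('Login', 'Enter your credentials to continue.', 'blue');
om_render_success($success);
// NOTE(review): confirm om_render_error() HTML-escapes its argument.
om_render_error($error);
?>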