prepare($sql); $st->execute([ ':u' => $identifier, ':ew' => $identifier, ':ep' => $identifier, ]); $row = $st->fetch(); if (!$row) { $err = 'Invalid credentials.'; } elseif ($row['status'] !== 'enabled') { $err = 'Account is not enabled.'; } elseif (!password_verify($password, $row['password_hash'])) { $err = 'Invalid credentials.'; } else { $_SESSION['account_id_hex'] = strtolower($row['id_hex']); $_SESSION['username'] = $row['username']; ensure_default_system_admin_for_account((string)$row['id_hex'], (string)($row['username'] ?? '')); $ip = $_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? null; $upd = system_pdo()->prepare(" UPDATE accounts SET last_login_at=NOW(), last_login_ip=:ip, failed_login_count=0 WHERE id=UNHEX(:hex) "); $upd->execute([ ':ip' => $ip, ':hex' => $row['id_hex'], ]); flash_add('success', 'Logged in successfully.'); redirect('/'); } } } page_header('Login'); ?>