prepare("SELECT id, password FROM users WHERE username = ?"); $stmt->bind_param("s", $username); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows === 0) { echo json_encode([ "success" => false, "message" => "Username Not Found" ]); $stmt->close(); $conn->close(); exit; } $stmt->bind_result($userId, $hashedPassword); $stmt->fetch(); if (password_verify($password, $hashedPassword)) { $_SESSION['user_id'] = $userId; $_SESSION['username'] = $username; echo json_encode([ "success" => true, "message" => "Login successful", "username" => $username, "token" => bin2hex(random_bytes(32)) ]); } else { echo json_encode([ "success" => false, "message" => "Incorrect password" ]); } $stmt->close(); $conn->close(); ?>