
<?php
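// Development error display: these three lines print PHP errors (including PDO messages
// with DSN details) straight into the login response, so they belong off in production.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// Hardening before the session is opened:
// - strict mode makes PHP reject any session id it did not issue itself, so an attacker
//   cannot plant a known id in the victim's cookie ahead of login (session fixation);
// - httponly keeps the session cookie away from script on the page;
// - secure is only set when the request itself is HTTPS, so an HTTP deployment keeps working.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
if (!empty($_SERVER['HTTPS'])) {
    ini_set('session.cookie_secure', '1');
}
session_start();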
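/**
 * Checks a username/password pair against the `authors` table.
 *
 * Loads the DB settings from <DOCUMENT_ROOT>/database/credentials.php, fetches the stored
 * password hash for $username and verifies $userpw against it with password_verify().
 *
 * @param mixed $username value taken from the login form (only strings are accepted)
 * @param mixed $userpw   clear-text password from the login form (only strings are accepted)
 * @return bool true only when the user exists and the password matches its stored hash
 */
function check_credentials($username, $userpw) {
    // A crafted form field such as "username[]" arrives as an array; treat it as a failed
    // login instead of handing it to PDO / password_verify().
    if (!is_string($username) || !is_string($userpw)) {
        return false;
    }
    $root = realpath($_SERVER["DOCUMENT_ROOT"]);
    // Expected to define $host, $database, $user and $password used by the DSN below.
    require($root."/database/credentials.php");
    // Connect the database
    try {
        $db = new PDO(
            "mysql:host=$host;dbname=$database;charset=utf8",
            $user,
            $password,
            array(
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                // Real server-side prepares: the bound :username can never become SQL text.
                PDO::ATTR_EMULATE_PREPARES => false,
            )
        );
    } catch (Exception $e) {
        // The PDO message can carry the host and DB user name; keep it in the server log
        // and show the browser only a generic failure.
        error_log('login: database connection failed: '.$e->getMessage());
        die("Error : unable to connect to the database");
    }
    $req = $db->prepare('SELECT password FROM `authors` WHERE `username`=:username');
    $req->execute(array(
        "username" => $username,
    ));
    $data = $req->fetch();
    if ($data === false || !isset($data['password'])) {
        // NOTE(review): an unknown username returns without the cost of password_verify(),
        // which is measurably faster than a wrong password; accepted here, confirm if
        // username enumeration matters for this site.
        return false;
    }
    return password_verify($userpw, $data['password']);
}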
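// Login form handler: validates the POSTed fields, checks them with check_credentials()
// and redirects; any problem is reported through $_SESSION['error_msg'] on the login page.
$_SESSION['error_msg'] = "";
$username = null;
$password = null;
if (isset($_POST['submit'])) {
    // is_string(): a crafted "username[]" field would otherwise reach PDO as an array;
    // an empty field counts as "not a proper username".
    if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] !== '') {
        $username = $_POST['username'];
    } else {
        // Single-quoted, so '\n' is the two characters backslash + n, not a newline;
        // kept as-is — confirm whether a real newline was intended.
        $_SESSION['error_msg'] .= _('You did not enter a proper username.').'\n';
    }
    if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
        $password = $_POST['password'];
    } else {
        $_SESSION['error_msg'] .= _('You did not enter a proper password.').'\n';
    }
} else {
    // NOTE(review): this is the login page, yet the text says "register form"; kept because
    // the string is a gettext key — check the catalog before changing it.
    $_SESSION['error_msg'] .= _('You did not submit the register form.');
}
if ($_SESSION['error_msg'] === "") {
    if (check_credentials($username, $password)) {
        // Issue a fresh session id at the privilege change so an id that existed before
        // login (possibly chosen by someone else) is never promoted to a logged-in session.
        session_regenerate_id(true);
        $_SESSION['logged'] = true;
        $_SESSION['username'] = $username;
        header('Location: /');
        // Stop here: a Location header does not end the script by itself.
        exit;
    }
    $_SESSION['error_msg'] = _('Incorrect password, please try again.').'\n';
    header('Location: ../../auth/login');
    exit;
}
header('Location: ../../auth/login');
exit;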
?>