<?php include "db.php"; //DB Connection $connection = new DbConnect(); $connection->Connect("localhost", "root", "root", "users"); $user = mysql_real_escape_string($_POST['username']); $pass = mysql_real_escape_string($_POST['password']); //Verify Username First $fetch = mysql_query("SELECT id FROM `login` WHERE username='******'"); $count = mysql_num_rows($fetch); if ($count != "") { //Fetch Hashed Password $fetch = mysql_query("SELECT password FROM login WHERE username = '******';"); $r = mysql_fetch_assoc($fetch); $salt = $r['password']; if (password_verify($pass, $salt)) { session_start(); $_SESSION['login_username'] = $user; header("Location:../admin/index.php"); } else { echo "<script>\n\t\t\t\t\t\talert('Wrong Password or Username');\n\t\t\t\t\t\twindow.location.href='../admin/admin_login.php';\n\t\t\t\t\t </script>"; } } else { echo "<script>\n\t\t\t\talert('Wrong Password or Username');\n\t\t\t\twindow.location.href='../admin/admin_login.php';\n\t\t\t </script>"; }