Security of logging into the admin panel

  authentication, html, php, security, session

I wrote the code to log in php to the admin panel. Everything works as it should. But I am not sure if it is well written code and if it is safe. I care about security. I have read a lot about it but I am still not sure. Please, help me.

<form method="post">
   <input type="email" name="email" placeholder="Email">
   <input type="password" name="password" placeholder="Password">
   <button type="submit" name="submit">Submit</button>
</form>

LOGIN PAGE:

session_start();
session_regenerate_id();
if(isset($_POST['submit'])){
   unset($_POST['submit']);
      if(in_array('', $_POST)){
         //Errors for empty input
      } else {
         if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
            if(Check if the user exists in the database){
               if(password_verify($_POST['password'], Password field in db)){
                  $_SESSION['loggedin'] = 1;
                  header('Location: welcome');
                  exit();
               } else {
                  //Wrong login credentials
               }
            } else {
               //Wrong login credentials
            }
         } else {
            //Wrong email
         }
      }
   }
}

PAGE AFTER LOGIN:

session_start();
session_regenerate_id();
if(empty($_SESSION['loggedin'])){
   header('Location: login');
   exit();
}

Source: Ask PHP

LEAVE A COMMENT