I wrote the code to log in to the admin panel in PHP. Everything works as it should, but I am not sure whether it is well-written code and whether it is safe. I care about security. I have read a lot about it, but I am still not sure. Please help me.
<form method="post">
    <input type="email" name="email" placeholder="Email">
    <input type="password" name="password" placeholder="Password">
    <button type="submit" name="submit">Submit</button>
</form>
LOGIN PAGE:
session_start();
session_regenerate_id();
if(isset($_POST['submit'])){
    unset($_POST['submit']);
    if(in_array('', $_POST)){
        //Errors for empty input
    } else {
        if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
            if(Check if the user exists in the database){
                if(password_verify($_POST['password'], Password field in db)){
                    $_SESSION['loggedin'] = 1;
                    header('Location: welcome');
                    exit();
                } else {
                    //Wrong login credentials
                }
            } else {
                //Wrong login credentials
            }
        } else {
            //Wrong email
        }
    }
}
PAGE AFTER LOGIN:
session_start();
session_regenerate_id();
if(empty($_SESSION['loggedin'])){
    header('Location: login');
    exit();
}
Source: Ask PHP
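
A hardened sketch of the login flow in the question, as an added example that is not part of the original post: the session ID is regenerated once, at the moment of login, with the old session deleted, and an unknown email takes the same `password_verify()` path as a wrong password. The function names, the `users` table with its `password_hash` column, the in-memory SQLite database and the sample account are all assumptions made for the demo; it needs PHP 7.4+ with `pdo_sqlite`.

```php
<?php
// Added example. Assumed names: startSecureSession(), attemptLogin(),
// and a users table with id, email and password_hash columns.
function startSecureSession(): void
{
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

function attemptLogin(PDO $db, string $email, string $password): bool
{
    // Dummy hash so that an unknown email still goes through password_verify().
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Prepared statement: the email is bound as data, never concatenated into SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $user ? $user['password_hash'] : $dummy);
    if (!$user || !$ok) {
        return false; // caller shows one generic "wrong login credentials" message
    }
    session_regenerate_id(true); // new ID at the privilege change, old session removed
    $_SESSION['loggedin'] = 1;
    return true;
}

// Constructed demo data: one user in an in-memory SQLite database, run from the CLI.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
    $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
       ->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    startSecureSession();
    $results = [
        'wrong password' => attemptLogin($db, 'admin@example.test', 'wrong'),
        'unknown email'  => attemptLogin($db, 'nobody@example.test', 'correct horse'),
        'valid login'    => attemptLogin($db, 'admin@example.test', 'correct horse'),
    ];
    var_dump($results); // printed last so no output precedes the session calls
}
```

The page after login would call `startSecureSession()` and keep the `empty($_SESSION['loggedin'])` redirect from the question, without regenerating the ID on every request.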