php-vulnerabilities/login.php

<?php 
include_once 'database.php';

session_start();

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $email = $_POST["email"];
    $password = $_POST["password"];

    $username = loginUser($email, $password);
    if (!is_null($username)) {
        $_SESSION['error_message'] = null;
        $_SESSION['username'] = $username;
        $_SESSION['email'] = $email;
    } else {
        $_SESSION['error_message'] = "Invalid email or password";
    }
    header("Location: /products");
}
?>