Siro/backend/auth/login.php


<?php
require_once __DIR__ . '/../connect.php';
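// Login endpoint: looks up a passenger by phone and/or email, verifies the
// submitted password against the stored hash, and echoes a JSON result.
// Relies on connect.php for the PDO handle ($con) and for filterRequest().
$email = filterRequest('email');
$phone = filterRequest('phone');
// NOTE(review): filterRequest() is defined outside this file. If it strips tags
// or HTML-escapes its input, the value checked below is not the password the
// user typed (characters such as < > & " would be altered) — confirm, and read
// the password unfiltered if so.
$password = filterRequest('password');

if (empty($phone) && empty($email)) {
    echo json_encode(["status" => "Failure", "data" => "Phone or email is required."]);
    exit;
}

// Build WHERE dynamically: support phone-only, email-only, or both.
// Only fixed column names go into the SQL text; the values are bound.
// The password is deliberately NOT bound: the query has no :password
// placeholder, and PDO rejects execute() when a bound name has no matching
// placeholder (SQLSTATE HY093). The plaintext password also has no business
// travelling to the database layer.
$conditions = [];
$params = [];
if (!empty($phone)) {
    $conditions[] = "passengers.phone = :phone";
    $params[':phone'] = $phone;
}
if (!empty($email)) {
    $conditions[] = "passengers.email = :email";
    $params[':email'] = $email;
}
$where = implode(' OR ', $conditions);

$sql = "SELECT
    passengers.`id`,
    passengers.`phone`,
    passengers.`email`,
    passengers.`password`,
    passengers.`gender`,
    passengers.`birthdate`,
    passengers.`site`,
    passengers.`first_name`,
    passengers.`last_name`,
    passengers.`education`,
    passengers.`employmentType`,
    passengers.`maritalStatus`,
    passengers.`created_at`,
    passengers.`updated_at`,
    email_verifications.verified
FROM
    `passengers`
LEFT JOIN email_verifications ON email_verifications.email = passengers.email
WHERE
    $where";

$stmt = $con->prepare($sql);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

// The OR filter (and the LEFT JOIN) can return more than one row, e.g. when the
// phone belongs to one passenger and the email to another. Each row is checked
// against its own hash, and only rows that pass are returned, so a caller never
// receives another account's profile or password hash.
$authenticated = [];
foreach ($rows as $row) {
    $storedHash = $row['password'];
    // Strip the hash before the row can reach the response.
    unset($row['password']);
    if (is_string($password) && is_string($storedHash) && password_verify($password, $storedHash)) {
        $authenticated[] = $row;
    }
}

if ($authenticated !== []) {
    echo json_encode([
        "status" => "success",
        // Counted from the fetched rows; rowCount() is not dependable for
        // SELECT statements on every PDO driver.
        "count" => count($authenticated),
        "data" => $authenticated
    ]);
} else {
    // One message for "no such account" and "wrong password", so the response
    // body does not reveal whether a phone number or email is registered.
    // NOTE(review): response timing still differs between the two cases, and
    // no attempt throttling is visible in this file — confirm it is enforced
    // elsewhere.
    echo json_encode([
        "status" => "Failure",
        "data" => "Invalid credentials."
    ]);
}

$con = null;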
?>