<?php
if(!empty($_POST['enter'])){
    $sql = 'SELECT `id_user`, `fullname`, `phone`, `email`, `login`, `password`, `role` FROM `users`
    WHERE `login` = :login AND
    `password` = :password';
    $sth = $dbh->prepare($sql, [PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY]);
    $sth->execute([
        "login"=>$_POST['login'],
        "password"=>$_POST['password'],
    ]);
    $red = $sth->fetch();
    if($red){
        setcookie("id", "$red[id_user]", time() + 3600);
        setcookie("role", "$red[role]", time() + 3600);
        header('Location: order.php');
    }
    else{
        $error = 'Неверно введён логин или пароль!';
    }
}
?>