I am using simple sign in form with Jquery and PHP but my problem that everytime I enter anything in the email and password it accepts even if does not exist! below my jquery and PHP as well and the url is:

http://order.smashburgerbahrain.com

My Page:

2. <!DOCTYPE html>
3. <html manifest="cache.manifest">
4. <head>
5.     <meta charset="UTF-8">
6.     <title>Welcome to Smashburger</title>
7.     <?php include './includes/meta.php'; ?>
8.     <link rel="stylesheet" href="css/signin.css">
9. </head>
10. <body style="background: url(images/homepage.jpg) no-repeat center center fixed; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;">
11. <span class="button" id="toggle-login">Log in</span>
12. <div id="login">
13.   <div id="triangle"></div>
14.   <div id="divLogin">
15.   <h1>Sign in</h1>
16.   <form id="login-form" name="login-form">
17.     <input type="email" id="txtSigninEmail" name="txtSigninEmail" placeholder="Email" />
18.     <input type="password" id="txtSigninPassword" name="txtSigninPassword" placeholder="Password" />
19.     <div style="text-align:center"><img id="imgLoading" src="images/signin_loading.gif" style="display: none;" alt="Please wait"></div>
20.     <input type="button" id="btnLoginNow" name="btnLoginNow" value="Sign in" /><br><br>
21.     <input type="button" id="btnRegister" name="btnRegister" value="Sign up Now" />
22.   </form>
23.   </div>
24.   <div id="divRegister" style="display: none;">
25.   <h1>Sign up</h1>
26.   <form>
27.     <input type="email" placeholder="First Name" />
28.     <input type="email" placeholder="Last Name" />
29.     <input type="email" placeholder="Email" />
30.     <input type="password" placeholder="Password" />
31.     <input type="button" id="btnRegisterNow" name="btnRegisterNow" value="Sign up" /><br><br>
32.     <input type="button" id="btnLogin" name="btnLogin" value="Sign in" />
33.   </form>
34.   </div>
35. </div>
36.     <?php include './includes/jquery.php'; ?>
37. <script src="jQueryAssets/index.js"></script>
38. 
    
39. <script type="text/javascript">
40. $(document).ready(function()
41. {
42.     $('#btnRegister').click(function()
43. {
44. $('#divLogin').hide();
45. $('#divRegister').show();
46. });
47. 
    
48.     $('#btnLogin').click(function()
49. {
50. $('#divRegister').hide();
51. $('#divLogin').show();
52. });
53. 
    
54. $('#btnLoginNow').click(function ()
55. {
56. $("txtSigninEmail").prop('disabled', true);
57. $("txtSigninPassword").prop('disabled', true);
59. $('#btnLoginNow').hide();
60. $('#btnRegister').hide();
61. $('#imgLoading').show();
62. 
    
63. $.ajax({
64. type: 'POST',
65. url: "login.php",
66. data: $('#login-form').serialize(),
67. success: function()
68. {
69. window.location.href = 'menu';
70. },
71. error: function(jq,status,message)
72. {
73. window.location.href = '/';
75. $("txtSigninEmail").prop('disabled', false);
76. $("txtSigninPassword").prop('disabled', false);
78. $('#imgLoading').hide();
79. $('#btnLoginNow').show();
80. }
82. });
83. });
84. });
85. </script>
86. </body>
87. </html>

My PHP:

2. <?php
3.     include('includes/php_header.php');
4.     include($_SESSION["smashburger_absolute_path"] . '/includes/Mobile_Detect.php');
5. include($_SESSION["smashburger_absolute_path"] . '/includes/password_hash.php');
6.     include($_SESSION["smashburger_absolute_path"] . '/includes/connect2db.php');
8. if (isset($_POST["txtLoginName"]))
9. {
10.     $login_email = $_POST["txtSigninEmail"];
11. }
12. else
13. {
14. exit(header("Location: ./"));
15. }
17.     $login_password = $_POST['txtSigninPassword'];
19. $password_salt = get_password_salt($login_email);
20. $password_hash = hash_password($login_password, $password_salt);
21. 
    
22.     $mysql_query = $mysql_connection->prepare('CALL sp_signin_customer(:param_email, :param_login_password_salt, :param_login_password_hash, :param_ip_address)');
23.     $mysql_query->bindParam(':param_email', $login_email, PDO::PARAM_STR);
24. $mysql_query->bindParam(':param_login_password_salt', $password_salt, PDO::PARAM_STR);
25.     $mysql_query->bindParam(':param_login_password_hash', $password_hash, PDO::PARAM_STR);
26. $mysql_query->bindParam(':param_ip_address', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
27.     
28.     $mysql_query->execute();
29. 
    
30. if ($mysql_query->rowCount() <= 0)
31. { exit(header("Location: index.php")); }
33. while($mysql_row = $mysql_query->fetch())
34. {
35. $_SESSION["id"] = session_id();
36. $_SESSION["timestamp"] = time();
37. $_SESSION["loggedOn"] = true;
38. $_SESSION["customer_id"] = $mysql_row["customer_id"];
39. }
40. ?>

Thanks,

Jassim Rahma