Your code never checks if the user account exists in the database. It only checks if the query was executed without error. This should work(untested):
$query = "SELECT * FROM Users WHERE Email="$email" AND Password='$password' LIMIT 1";
if($result = mysqli_query($conn, $query)){
if(mysqli_num_rows($result) > 0){
//user account exists
$member = mysqli_fetch_array($result, MYSQLI_ASSOC);
$email = $member["Email"];
} else {
//user account does not exist
}
} else {
echo "Error executing database query.";
}
solved Any unregistered user can login (PHP)