what error?
if you want to do something based on the authorized value, you would not include it in the WHERE term in the query. you would SELECT it, then test its value in the program logic.
also -
use 'require' for things your code must have.
include/require are not functions. leave the () around the path/file out.
don't attempt to detect if the submit button is set. there are cases where it wont be. instead, test if a post method form was submitted.
you need to trim, mainly so that you can detect if all white-space characters were entered, then validate all inputs before using them.
don't copy variables to other variables for nothing.
don't put dynamic values directly into sql query statements. use a prepared query. if it seems like using the mysqli extension is overly complicated and inconsistent, it is. this would be a good time to switch to the much simpler and better designed PDO extension.
you should be hashing the passwords. see php's password_hash() and password_verify(). you would not include the password in the WHERE term. you would SELECT the password, then after you have determined if a row of data was matched, use password_verify() in your program logic to test the password hash.
the fetch instruction returns either an array, a null, or a false value, not a number. is this where you are getting an error?
the only user value you should store in a session variable is the user id. you should query on each page request to get any other user data.
the redirect you perform upon successful completion of the post method form processing code needs to be to the exact same URL of the current page to cause a get request.
every redirect needs an exit/die statement to stop php code execution.
if you want to display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.