Untitled

<?php
//pulls in database login credentials
require_once('credentials.php');
session_start();

//DEVELOPMENT PURPOSES ONLY. REMOVE BEFORE SUBMISSION!
error_reporting (E_ALL);
ini_set('display_errors', 1);
if(!empty($_POST['username']) && !empty ($_POST['password'])) {

    $username = mysqli_real_escape_string($conn, $_POST["username"]);
    //hashes user input to match against database hash
    $password = password_hash(mysqli_real_escape_string($conn, $_POST["password"]), PASSWORD_BCRYPT);

    $sql = "SELECT username,password FROM Credentials.Users WHERE username = '$username' AND password = '$password'";
    $result = $conn->query($sql);

    echo mysqli_error($conn);

    if ($result->num_rows > 0) {

                $_SESSION['user'] = $username;

                if(isset($_SESSION['user'])){
                    echo 'logged in!';
                }else{
                    echo 'not logged in wtf';
                }
    }else{
        echo 'there aint no rows brother';
    }
}else{
    echo 'i fucked up the form';
}