[MyNameIsCode]

А вот модель

function loginUser($username, $password) {
    $username = htmlspecialchars($username);
    $password = htmlspecialchars($password);


    global $pdo;

    $statement = $pdo->query("SELECT * FROM users
			WHERE (username = {$username} AND password = {$password})
			LIMIT 1");

    $sql = $statement->fetch();
    $rs = createSmartyRsArray($sql);
    if (isset($rs[0])) {
        $rs['success'] = 1;
    } else {
        $rs['success'] = 0;
    }

    return $rs;
}