Looks like it would be right to me.
What if you just add: <?php echo("Log in success"); ?>
That would presumably bypass the login and respond as if everyone successfully logged in. That could help you narrow down whether it is an issue with the app or the web page.