Why authentication fails?

On the website authentication fails, at the time, as the registration data is written to the database without problems
Form:
<div class="col-md-8 mb-3">
Authorization
<form>
<label>Login</label>
 <input type="text" name="login" class="form-control col-md-6" id="login">
<label>Password</label>
 <input type="password" name="password" class="form-control col-md-6" id="password">
 <div class="alert alert-danger mt-4 col-md-6" id="errorBlock" style="display: none"></div>
 <button class="btn btn-success mt-2" id="auth_user">Login</button>
</form>
 </div>

Ajax request:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>



the <script>
$('#auth_user').click(function(){
 var login = $('#login').val();
 var password = $('#password').val();
$.ajax({
 url: 'ajax/auth.php',
 type: 'POST',
 cache: false,
 data: {'login':login, 'password':password},
 dataType: 'html',
 success: function(data){
 if(data == 'Ready'){
$('#auth_user').text('Ready');
$('#errorBlock').hide();
document.location.reload(true);
}
 else {
$('#errorBlock').show();
$('#errorBlock').text(data);
}
}
});
});
</script>

auth.php:
<?php

 $login = trim(filter_var($_POST['login'], FILTER_SANITIZE_STRING));
 $password = trim(filter_var($_POST['password'], FILTER_SANITIZE_STRING));


 $hash = "3h#%89*H#($h!~fh";
 $password = md5($password.$hash);

 require_once "../sqlconnect.php"; #Connect to dB via pdo

 $sql = 'SELECT `id` FROM `userinfo` WHERE `login` = :login && `password` = :password';
 $query = $pdo->prepare($sql);
 $query->execute(['login' => $login, 'password' => $password]);

 $user = $query->fetch(PDO::FETCH_OBJ);
 if ($user->id == 0) {
 echo 'that user does not exist';
}
else{
 setcookie('log', $login, time() + 3600*24, '/');
 echo "Done";
}

 echo 'Ready';

?>

sqlconnect.php:
<?php
 $user = 'root';
 $pass = ";
 $db = 'users';
 $host = 'localhost';

 $dsn = 'mysql:host='.$host.';dbname='.$db;
 $pdo = new PDO($dsn, $user, $pass);

?>
April 3rd 20 at 18:57
1 answer
April 3rd 20 at 18:59
I would venture to suggest that cookies that exposes auth.php when the ajax request by the browser and are not perceived in the local store are not recorded. Therefore, the authorization request in the version with cookies made the old fashioned way - through form-submit when the answer arrives not the result of ajax, and a full html, along with which comes the need to cook.
Looking for a way to save the cookie in the browser script. In the developer console you can see it on the Network tab when viewing the ajax request. For a start, would be nice to read here, then start to learn some JS-framework, I liked it vue.js low enough threshold of entrance, it is highly logical. Over time you realize that jquery will not get far, so the transition to framework - a question of time

Find more questions by tags PHPMySQL