jasonmoqio

Reputation: 189

PHP MVC - Is this the right way to do Model, View, Controller? Am I doing anything wrong?

I am fairly new to PHP and MVC. I don't want to use any frameworks like CodeIgniter or Laravel. I want to learn about this from scratch. I am trying to make a login page. So here is my code:

HTML code:

<html>
<body>

<h2></h2>

<form action="" method="post">
  <input type="text" name="usernameOrEmail">
  <input type="password" name="password">
  <input type="submit" value="Login">
</form>

</body>
</html>

Text.class.php code:

<?php

    class Text {
        function __construct()
        {
        }

        // Public so that code outside this class can call it.
        public function sanitize($text) {
            $sanitizedText = htmlspecialchars($text, ENT_QUOTES);
            return $sanitizedText;
        }
    }

?>

Database connection code (connection.php):

<?php
class Connection {

    public function dbc() {
        $host = 'localhost';
        $db = 'database1';
        $user = 'root';
        $pass = 'password123';
        $charset = 'utf8';

        $dsn = "mysql:host=$host;dbname=$db;charset=$charset";
        $opt = [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false,
        ];
        return new PDO($dsn, $user, $pass, $opt);
    }
}
?>

Controller code (LoginController.php):

<?php
include_once('Text.class.php');
include_once('LoginModel.php');

class LoginController {
    private $model;
    private $text;

    public function __construct() {
        $this->model = new LoginModel();
        $this->text = new Text();
    }

    public function login($usernameOrEmail, $password) {
        // sanitize() is a method of Text, so it has to be called on an instance.
        $usernameOrEmail = $this->text->sanitize($usernameOrEmail);
        $password = $this->text->sanitize($password);

        if(!empty($usernameOrEmail) && !empty($password)) {
            if(isset($_POST['usernameOrEmail']) && isset($_POST['password'])) {
                $usernameOrEmail = $_POST['usernameOrEmail'];
                $password = $_POST['password'];
                // Return the model's result instead of discarding it.
                return $this->model->loginUser($usernameOrEmail, $password);
            } else {
                return "Please enter a username or password.";
            }
        } else {
            return "Please enter a username or password.";
        }
    }
}
?>

Model code (LoginModel.php):

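<?php
include_once('connection.php');

class LoginModel {
    private $dbc;

    public function __construct() {
        // Open the PDO connection that loginUser() queries.
        $this->dbc = (new Connection())->dbc();
    }

    // Public so that LoginController can call it.
    public function loginUser($usernameOrEmail, $password) {
        // Parentheses apply the password check to both the username and the email branch
        // (AND binds tighter than OR). With emulated prepares off, a named placeholder
        // may appear only once, so the identifier is bound under two names.
        // The password is compared in plain text here.
        $stmt = $this->dbc->prepare("SELECT username, password FROM users WHERE (username = :username OR email = :email) AND password = :password");
        $stmt->bindParam(':username', $usernameOrEmail, PDO::PARAM_STR);
        $stmt->bindParam(':email', $usernameOrEmail, PDO::PARAM_STR);
        $stmt->bindParam(':password', $password, PDO::PARAM_STR);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if($row) {
            return "Login successful!";
        } else {
            return "Wrong username or password.";
        }
    }
}
?>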

Also I'm kind of stuck and I have 3 questions:

  1. In the HTML code, what do I put for action="" in the form tag?
  2. In my class Text.class.php, what do I put in the __construct?
  3. In my Model code, how can I pass the "Login successful!" or "Wrong username or password." to the view and insert it into the ""?

If you can, please answer my questions and tell me what I'm doing wrong (if I am doing anything wrong).

Thanks everyone!

Upvotes: 1

Views: 1398

Answers (1)

tereško

Reputation: 58444

  1. Whatever you want.
  2. Nothing, that class shouldn't even exist. The validation should be done in the model layer, preferably in the relevant domain object.
  3. Your controller should pass the username and password to the authentication service (which is part of model layer). Then the view should require the information about user account from the authentication service (which would return null or an exception, if authentication failed).

Also, you should hash the user passwords or get a new hobby.

Upvotes: 1
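
The two points of the answer above (authentication handled by a service in the model layer that returns null on failure, and hashed passwords), as an added example that is not part of the original answer. The class name `AuthenticationService`, its methods, the `id` column and the in-memory SQLite database are assumptions made so the snippet runs on its own; the question itself uses MySQL.

```php
<?php
// Added example: AuthenticationService and its method names are hypothetical.
final class AuthenticationService
{
    private PDO $db;
    private string $dummyHash;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Checked when no account matches, so unknown identifiers cost about the same time.
        $this->dummyHash = password_hash('constructed-placeholder', PASSWORD_DEFAULT);
    }

    public function register(string $username, string $email, string $password): void
    {
        $stmt = $this->db->prepare('INSERT INTO users (username, email, password) VALUES (:u, :e, :h)');
        // Only the salted hash is stored; the plaintext is never written.
        $stmt->execute([':u' => $username, ':e' => $email, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
    }

    /** Returns the account row without its hash, or null when authentication fails. */
    public function authenticate(string $usernameOrEmail, string $password): ?array
    {
        // The password is not part of the WHERE clause; only the identifier is.
        $stmt = $this->db->prepare('SELECT id, username, password FROM users WHERE username = :u OR email = :e');
        $stmt->execute([':u' => $usernameOrEmail, ':e' => $usernameOrEmail]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $hash = $row ? $row['password'] : $this->dummyHash;
        if (!password_verify($password, $hash) || !$row) {
            return null;
        }
        if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
            // Upgrade the stored hash when the default algorithm or cost has changed.
            $this->db->prepare('UPDATE users SET password = :h WHERE id = :id')
                ->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
        }
        unset($row['password']);
        return $row;
    }
}

// Constructed demo data in an in-memory SQLite database (the question itself uses MySQL).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT UNIQUE, password TEXT)');
$auth = new AuthenticationService($db);
$auth->register('alice', 'alice@example.test', 'constructed-passphrase');
var_dump($auth->authenticate('alice@example.test', 'constructed-passphrase'));
var_dump($auth->authenticate('alice', 'wrong-guess'));
```

A controller would pass the two posted values to `authenticate()` unchanged, and the view would escape whatever it prints with `htmlspecialchars()` at output time.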
