It's good that you're trying to separate your concerns, but MVC is a design pattern based on top of OOP principles.
OOP works with objects, and those objects are defined by a class, which is like a blueprint.
So in this example, you'd want everything to go through the controller, then depending on whether you want to save out, you'd want to call the model.
public function indexAction()
$username = $_POST['username'];
$password = $_POST['password'];
if(!is_null($username) AND !is_null($password))
$user = new \Service\User();
$credentialsAreValid = $user->checkCredentials($username, $password);
public function checkCredentials($username, $password)
$dsn = "mysql:host=localhost;dbname=db";
$dbuser = "root";
$dbpass = "pass";
$db = new PDO($dsn, $dbuser, $dbpass);
$db->prepare("SELECT * FROM user WHERE username = ? AND password = ?");
$res = $db->execute();
if(count($res->fetchAll()>0) return true;
As you can see the logic is separated into a service, and is only called if it is needed. We've also used pdo to prevent SQL injections, (though shouldn't really be creating objects in here).
Id suggest you look into autoloading, and have a play with a framework like Silex as it will teach you these principles.