<?php
$_POST = array(
    'user'=>'abc',
    'password'=>'def');

function doesQueryReturnAnyRow($query) {
    var_dump($query);
    return true;
}

function checkLogin() {
    $user = $_POST['user']; // ESCAPE FEHLT!!!!
    $password = $_POST['password']; // ESCAPE FEHLT!!!!

    $query = "SELECT * FROM users"
           . " WHERE user = '$user'"
           . " AND password='$password'"; // Siehe Hint
    return doesQueryReturnAnyRow($query);
}

if (checkLogin()) {
    echo "Information: Task solved!";
}