this whole thing makes no sense for me, ehsserver.php looks identicaly to the login part from server.php, it even defines the credentials doubled - and then you include both? that second part will barely execute when the first part already redirects. Also you need to fix your database querying, use Prepared Statements
https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
and up-to-date password hashing
https://www.php.net/manual/en/function.password-hash.php
that’s serious security issues.