I am writing a basic website login script in PHP (login_config.php).

My question is: Am I implementing the password_verify() function properly in regards to user security/protection?

-Note: Post data is being sent from login.php

CODE (LOGIN_CONFIG.PHP):

        <?php                       //POST VARIABLES
    $submit = $_POST['login_submit'];
    $username = $_POST['login_username'];
    $password = $_POST['login_password'];
    $email = $_POST['login_email'];

    require 'password_config.php';
    if(isset($submit)){
    require 'db/connect.php';
    //PASSWORD VERIFYING
    $pass_query = "SELECT password FROM users WHERE email='$email'";
    $queried = mysql_query($pass_query);
    while($row = mysql_fetch_array($queried)){
    $user_pass = $row['password'];
    $veri_password = password_verify($password, $user_pass);
    }
    if(!$veri_password === true){$errors[] = '-Account does not exist ';}

EDIT: I am aware of other flaws, please regard to the initial question.

You are correctly using the password_verify() function as long as $row['password'] is returning the correspondent password hash created by password_hash() of the plain password, and not the plain password itself or any other value than that.

Note that no further security concerns are included in this answer.