And if you pass the string "' OR 1=1 -- " to $_POST["login"] then you can log in with any password.

If it is possible to use fewer queries - use it.
var_dump is just as good for beginners, it's like having a penknife with you always and everywhere, but don't forget that there are other ways to debug - xdebug for example.

<?php
if (isset ($_POST['done'])) {
    $login = $_POST["login"];
    $password = $_POST["password"];
    if(empty($login)) {
        exit ("Вы не ввели логин.");
    }
    if(empty($password)) {
        exit ("Вы не ввели пароль");
    }
    $mysqli = new mysqli ("localhost", "root", "", "ural_steel");
    $q = $mysqli -> prepare ("SELECT `password` FROM `registr` WHERE `login`=?");
    $q->bind_param('s', $login);
    $result = $q->execute();
    $row = $q->fetch();
    if ($row !== NULL) {
        if (crypt(md5($password)) == $row['password']) {
            exit ("Поздравляю, вы вошли!");
        } else {
            exit ("Пароль не верный!");
        }
    } else {
        exit("Такого логина не существует!");
    }

}
?>