$query = "SELECT username, password, Paid from customers where username=? AND password=? AND Paid='y' LIMIT 1";
$stmt = $conn->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
Your
SELECT
statement requests three variables, but your
bind_result
only specifies two.