For starters, never do that.
Storing passwords in clear text is a very, very bad idea:
A Code Crime[
^] in fact.
Have a look here:
Password Storage: How to do it.[
^] and it explains why, and what to do about it.
The best way is not to "brew your own" but to use Membership:
Introduction to Membership[
^] it handles it all for you, and provides extra security in that if an unauthorised person tries to access "secure" pages the system itself will refuse them permission and send them to the login page.
If you must continue with your version, then follow the instructions in the tip, and hash your passwords - and use the debugger to follow your code through and work out exactly what is going on. We can't do that for you because it is dependant to a greater or lesser extent on your DB and the data it holds, and we don't have access to that so we can't run it under the same conditions, or see what is being returned.