You should change your code so it doesn't read every record in the database. As it is you do your comparisons on every record, but you only use the result after reading all the records. So you only use the result of the comparisons on the last record.
In fact you should only read records which match the user ID and password. If there are any such records then you can login. If there aren't any, then you can't login.