hi.. i hope there's someone who can help me..

I have this problem on my login page..
it seems that it's not reading my password..
I tried to enter an incorrect username and password, and the login failed message appeared which is correct.
I tried to enter the correct username and password, and the login succeeded which is also correct.
then, I tried to enter the correct username and wrong password, the login succeeded again, which is supposed
to be the login failed message will appear.

Here's my codespassword5.asp)

<%
Response.Expires = -1000
Response.Buffer = True
Session("UserLoggedIn") = ""
If Request.Form("username") <> "" And Request.Form("pword") <> "" Then
CheckLogin
Else
ShowLogin
End If

Sub ShowLogin
%>



<body background="back.jpg">

<form name="login" method="post" action="password5.asp">


<h1><center> Company Name </center></h1>
<h2><center> System </center></h2>
<br/><br/><br/><p> <Center> Enter Username and Password </center> </p> <br/>
<p><center> USER NAME <input type="text" name="username"> <br/><br/> PASSWORD <input type="password" name="pword"><br/><br/>
<input type="submit" value="Login" >
</center> </p>

</form>

</body>




<%
End Sub

Sub CheckLogin

Dim Conn, rs, sql


set Conn = server.createobject("adodb.connection")
Conn.Open "DSN=dsn;UID=id;PWD=pass;Database=database"


sql = "SELECT * FROM table WHERE EmpId = '"&(Request.Form("username")) & "';"

Set rs = conn.execute(sql)

Session("UserLoggedIn") = "false"
Do While Not rs.EOF
%>



<form name="login" method="post" action="password5.asp">
<input type="hidden" name="txtusername1" value="<%response.write(trim(Request.form("usernam e")))%>"> <br>
<input type="hidden" name="txtpword1" value="<%response.write(trim(Request.form("pword") ))%>"> <br>
<input type="hidden" name="txtusername" value="<%response.write(trim(rs("EmpId")))%>"> <br>
<input type="hidden" name="txtpword" value="<%response.write(trim(rs("Password")))%>"> <br>
</form>

</form>


<%

If (Request.form("txtpword1") = Request.form("txtpword")) And (Request.form("txtusername1") = Request.form("txtusername")) Then
Session("UserLoggedIn") = "true"

Exit Do
End If
rs.MoveNext
Loop
rs.Close
Conn.Close


If Session("UserLoggedIn") = "true" Then
Response.Cookies("uname")=Request.form("username")
Response.Cookies("uname").expires=Date()+1

Response.Cookies("pass")=Request.form("pword")
Response.Cookies("pass").expires=Date()+1

Response.Redirect "masterfile.asp"
Else
Response.Write("Login Failed.<br><br>")
ShowLogin
End If


End Sub

%>