You have totally worng code htere. First you must NEVER juse a text field for passwords, you MUST use the password type or EVERYONES passwords will be visible on remeber, and to nearby people when entering it. You must call the same page you are in from the form and reload the form with an error message. So you need to write php code to read the ENCRYPTED version of the entered password with the ENCRYPTED stored password, and the user name with the stored user name from the database. Before even doing tht you MUST include filtering for script and logic code characters to prevent hackers gaining access to the site with no password. If you want to offer people the chioce of seeing their password you then use a javascript function to switch to a text filed of the same name as the password field. You must NEVER store passwords in text files, notr in plain text in a database, they MUST be stored on the database encrypted.
Use AJAX to avoid redirecting the page. Or user Form action = "#" or blank
Here's the html form action code