I deleted your post, do NOT post fake 'answers' edit your post if you have something useful to say. In this case, you did not. You said:
i do not want to buy a book...
why do not you tell me?
Well, if you don't want to buy a book, then you sure as hell should not be working on any commercial projects, if you're writing a secure login system just for fun, you should still buy a book, or at least do some reading.
Nevertheless, I DID tell you, I told you exactly what is wrong, gave you code you could copy and paste, and gave you some other general advice as to why your code is terrible as is. How could you miss it ? This is why you need a book, you don't know enough to know the answer when it's right in front of you.