There are several things very wrong here.
The first is that you should never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Concatenating strings as part of your login procedure is spectacularly dumb, as it lets anyone do what they want to your DB without even having a valid login. Or indeed bypassing your login completely...
The second is as bad: Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
] - it's in C# rather than VB, but it pretty simple to understand.
Fix them, and the problem you have noticed will probably go away at the same time...