You also have to validate the email address and password. Currently you are only validating the Status column, so as long as there is any record with Status=1 it will let you in. You only want to let them in if the email, password, and status fields are verified.