The actual problem is pretty simple, probably, but...
Change this bit:
while (dr.Read())
{
if (dr.HasRows == true)
{
To this:
if (dr.Read())
{
Your code as is checks for any rows, by doing a Read on the DataReader - which advances the row pointer to the next row. So DataReader.HasRows fails unless you have two or more users with identical names and passwords. Since this is both very very unlikely, and a silly thing to allow to happen, you code never gets to the update section. Since you only want to know if the username / password combo matches, an
if
check will do the job without messing you up afterwards.
But...please don't do that. Storing passwords in clear is a very poor security system, and can compromise other systems because users often use the same password for many other things. What looks like a minor flaw in your system could result in your bank account being emptied becuase they share a common password! Have a look at this:
Password Storage: How to do it.[
^] and please rethink your system!
Well done on using parametrized queries BTW!