think like this
function login($username, $password) {
$userpass = sha1($password);
$result = mysqli_query($con, "SELECT * FROM members WHERE username='$username' AND password='$userpass'");
while($row = mysqli_fetch_array($result)) {
$success = true;
}
if($success == true) {
$_SESSION['username']= $username;
//redirect to home page
} else {
echo '<div class="alert alert-danger">Oops! It looks like your username and/or password are incorrect. Please try again.</div>';
}
} // END LOGIN FUNCTION