No, it's not correct, in many ways. Not the least of which is that you're storing passwords unencrypted in the database. If your database gets hacked, you just screwed all of your customers into changing their passwords everywhere else they have accounts.
Read
these[
^].
and
these[
^].