First of all this is a real bad piece of code in terms of security. Your site can be easily hacked using SQL Injection.
Always use stored procedure is the golden rule number 1.
Second, you are passing plain text as password. That means you are storing password in you table as plain text. Anyone with access to that table can enjoy freebies!
Third, if a user logs in successfuly and is redirected to "userinventory.aspx", do you check if he change the URL to "Index.aspx" manually, he will not be granted access?
When you have taken care of these issues very well, try using
if (com.ExecuteReader().HasRows)
{
Session["loggedinuser"] = txtusername.Text;
}
And wherever you want to use the username try:
if (com.ExecuteReader().HasRows)
{
string username = Session["loggedinuser"];
}