Let's analyze your code.
In this piece of code, you're querying your tb_users table to check whether an entry with the given userid and password exists. You execute the query, but you do nothing with the returned result set, so you're not really checking anything! Whether or not you find a match, your code will go on. You might have written:
The following code seems to be conceptually wrong:
First, you're simply querying the whole tb_userauth table, without using the given userid as a key. This means you're not reading what authorizations a specific user has, you're just reading the whole table.
Moreover, you are not cycling over the ResultSet: if a guy has more than a single authorization (i.e., for each userid you may have multiple records in tb_userauth), you're evaluating only one authorization (and not necessarily the first one: you did not specify an ORDER BY, so the order in which records are returned is unpredictable). So, at a minimum, you should use a while statement.
As a matter of personal coding taste: I think it's poor practice to loop over a cursor to verify whether a record has a given value or not.
It would be better to use specific WHERE constraints, for example:
But these are only my two cents.
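An added example, not part of the original answer or the asker's code: one way to apply both points in JDBC, deciding from `rs.next()` and letting WHERE constraints replace the loop. The table names come from the answer; the column names `userid`, `password` and `authcode`, and the class and method names, are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public final class AuthCheck {

    private AuthCheck() {}

    /** True only if a tb_users row matches both userid and password. */
    public static boolean credentialsMatch(Connection conn, String userid, String password)
            throws SQLException {
        // Column names "userid" and "password" are assumptions.
        // This mirrors the schema described above, which compares the password in SQL;
        // with salted hashes, fetch the stored hash by userid and verify it in code.
        String sql = "SELECT 1 FROM tb_users WHERE userid = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userid);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                // The decision comes from the result set: no row means no match.
                return rs.next();
            }
        }
    }

    /** True only if this user holds the requested authorization. */
    public static boolean hasAuthorization(Connection conn, String userid, String authCode)
            throws SQLException {
        // "authcode" is a hypothetical column name for the authorization value.
        // Filtering on both columns lets the database answer the question,
        // so there is no loop and no dependence on row order.
        String sql = "SELECT 1 FROM tb_userauth WHERE userid = ? AND authcode = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userid);
            ps.setString(2, authCode);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    /** Fail closed: allowed only when both checks return a row. */
    public static boolean loginAllowed(Connection conn, String userid, String password,
                                       String requiredAuth) throws SQLException {
        return credentialsMatch(conn, userid, password)
                && hasAuthorization(conn, userid, requiredAuth);
    }
}
```

Bound parameters keep the userid and password out of the SQL text, and any `SQLException` propagates to the caller instead of being treated as a successful check.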