ขอคำแนะนำเกี่ยวกับการเก็บ password ลงฐานข้อมูลและการใช้งานเวลาล็อคอินมันส่งค่ายังไงให้ระบบเข้าใจ

<?php session_start();?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
<link rel="stylesheet" href="template.css">
</head>
<body>
<form name="frmlogin"  method="post" action="login.php">
<div class="main">
    <div class="img">
    <img src="https://i.pinimg.com/564x/21/72/1a/21721a303eb55709cab32210737cd8f8.jpg" alt="">
    </div>
    <table style="width:100%">
  <tr>
  <th class="long"></th>
    <th>ID</th>
    <th><input type="text" id="username" name="username"></th>
    <th>PW</th>
    <th><input type="password" id="password" name="password"></th>
    <th><button class="button" type="submit" >Login</button></th>
  </tr>
  
</table>
    <div class="content">
    <p>
    these are the popular menues that we recommended to you!
    we hope you enjoy it and appreciate our service as well 
    we glad you came here and hope to see you next time 
    <br>thank you :)</br>
    </p>
    </div>
    <div class="footer">
        <div class="foot1">
        <img src="https://i.pinimg.com/564x/bb/eb/be/bbebbe41c08562dd3433ebd1b2d47e23.jpg" alt="">    
        </div>
    </div>
</div> 
</form>
 
</body>
</html>

<?php 
session_start();
        if(isset($_POST['username'])){
				//connection
                  include("connection.php");
				//รับค่า user & password
                  $Username = $_POST['username'];
                  $Password = $_POST['password']; //ตรงนี้คับที่ลบออก
				//query 
                  $sql="SELECT * FROM user Where username='".$Username."' and password='".$Password."' ";

                  $result = mysqli_query($con,$sql);
				
                  if(mysqli_num_rows($result)==1){

                      $row = mysqli_fetch_array($result);

                      $_SESSION["id"] = $row["id"];
                      $_SESSION["user"] = $row["firstname"]." ".$row["lastname"];
                      $_SESSION["userlevel"] = $row["userlevel"];

                      if($_SESSION["userlevel"]=="admin"){ //ถ้าเป็น admin ให้กระโดดไปหน้า admin_page.php

                        Header("Location: admin_page.php");

                      }

                      if ($_SESSION["userlevel"]=="user"){  //ถ้าเป็น member ให้กระโดดไปหน้า user_page.php

                        Header("Location: user_page.php");

                      }

                  }else{
                    echo "<script>";
                        echo "alert(\" user หรือ  password ไม่ถูกต้อง\");"; 
                        echo "window.history.back()";
                    echo "</script>";

                  }

        }else{


             Header("Location: form.php"); //user & password incorrect back to login again

        }
?>