//if user inputted password is not equal to the saved password then it's incorrect		  
if (password[cnt2] != passINP[cnt2]); // explain what the semicolon is doing here
{
    flag = 0;
}