// CALLBACKS

public function check_user(){

    $result = FALSE;

    $username=$this->input->post('username');

    $email=$this->input->post('emailad');

    $dbmember=$this->members->get_members();

    foreach ( $dbmember as $key){

        // condition of username and email  
        if($username==$key && $email==$key){

        if($username == $key->UserName && $email == $key->EmailAddress){
              $this->form_validation->set_message('check_user','already existed!
                      Please check username and email agian.');
              return FALSE;
              break;
            }                

        return TRUE;

        }  
    }

Instead of sending parameters with call back you can always get them with post

Here is your call back

public function has_match(){
    if (0) {
        // user exists
        return true;
    }
    else {

        $password   =   $this->input->post('password');
        $username   =   $this->input->post('username');

        $this->form_validation->set_message('has_match', 'Invalid Username/password entered ' . $password . ' ' . $username);
        return false;
    }
}

Your code is working as expected. You're basically always calling the callback method has_match with the string username as a parameter. I think that you expect that this translates into:

callback_has_match[$username]

Therefore, when you access the has_match() method, you would have access to the value of $username. This is however, not the way callback methods work. The parameter that you set in there is a string, which is hardcoded, exactly like you do when you add a rule for min_length[10] - it's not the value of a PHP variable. An easy fix, which I haven't tested but suspect works is to do:

$this->form_validation->set_rules('password', 'Password', 'required|callback_has_match[' . $username . ']');

However the code above is not clean, and seems bad design in my opinion.

Now that we've found the problem with the code, I know it's outside the scope of the question, but I would like to point it out - I find it's more of a design issue here. Why do you want to check for the username/password pair inside of a callback to the password field?

Remember, you're validating a form, you shouldn't mix it up with model work. The form doesn't care if the provided username/password combo is correct, it should just look at whether both the fields have been provided correctly, and if so, it should do something about it.

I would adapt your code above to:

$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required|callback_has_match[username]');

if ($this->form_validation->run() != FALSE) {
    $validLogin = $this->muser->checkLogin($username, $password);

    if ($validLogin) {
        //Username/password combo exists in DB, save in session or whatever.
    } else {
        //Username/password combo does not exist in DB, show an error.
    }
} else {
    //Code for when form fields have not been provided correctly.
}