>>>I just think it would be nice to tell the visitors what went wrong. (Wrong username, password, or both). I wouldn't recommend doing that. If someone is trying to gain illicit access to your site, your providing them with helpful information. For example, if you tell them they got their username right, then they just have to brute force attack the form with random passwords until they get in. However, if you still want to do this, it's pretty easy.
First check in one query to see if the user name is in the database then if it is in a second query see if that username and password are both in the database in the same record. If it is, then log them in. If they pass the first query test, but not the second, then you know they entered the right username, but wrong password, this can be verified by checking the queryname.RecordCount on the first query. If it's GT 0 they have a username in the database. If they fail the first one, then they inherently failed the second test, so you can pass back a message stating they entered an invalid username/password combination. =] -- Alan Rother Adobe Certified Advanced ColdFusion MX 7 Developer Manager, Phoenix Cold Fusion User Group, AZCFUG.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324828 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
