ok thanks for the response.
i think the logic was that if the error returned invalid password, then they would know that the username existed and could continue trying to get the password.
i will check out the file and function you suggested.
thank you
