You could have coded your SP as follows

CREATE PROCEDURE usp_check_login

  @username varchar(20),

  @password varchar(20) AS

  SET NOCOUNT ON

  SELECT user_id,

    user_active as login_active,

    user_loginattempts as login_attempts,

    user_type

  FROM tbl_user

  WHERE user_username = @usernameAND user_password = @password

  RETURN @@ROWCOUNT

GO

That way you could use your RETURN_VALUE to determine whether or not your user exists i.e. if the value is >0 then the user and password combination exists.

If possible I would avoid using the ADO Command.Refresh statement because it has a noticeable performance hit.

Try declaring the parameters explicitly

Dim lResult as long

Dim cmdLogin As ADODB.Command

dim rsLogin as ADODB.Recordset

Set cmdLogin = New ADODB.Command

cmdLogin .ActiveConnection = connString

cmdLogin .CommandText = "usp_check_login"

cmdLogin .CommandType = 4

cmdCommunity.CommandTimeout = 0

cmdLogin .Parameters.Append cmdCommunity.CreateParameter("RETURN_VALUE", adInteger, adParamReturnValue, 4)

cmdLogin .Parameters.Append cmdCommunity.CreateParameter("@username", adVarChar, adParamInput, 20, sUsername)

cmdLogin .Parameters.Append cmdCommunity.CreateParameter("@password", adVarChar, adParamInput, 20, sPassword)

set rsLogin = cmdLogin .Execute

lResult = cmdLogin .Parameters(0).Value

etc

========================

He was not wholly unware of the potential lack of insignificance.