add the following code just before the form tag on the login page to strip the BadUserName querystering variable if it exists:
<?php
if(isset($_SERVER["QUERY_STRING"])) {
$arrQS = explode("&", $_SERVER["QUERY_STRING"]);
foreach($arrQS as $k => $v) {
if($v == "BadUserName=1") unset($arrQS[$k]);
}
$_SERVER["QUERY_STRING"] = implode("&", $arrQS);
}
?>
for the email pass word, edit the email passwrd server behavior, remove the reference to the password database column, then click the plus button and select the NewPW session variable.