Thanks. I just wiped my existing security pages and rebuilt using md5. Now working like I had expected. My only issue I've found in all my testing, on the update page, if you update data but don't enter a new password, it deletes the existing password out of the database table. It's not supposed to do that is it? Shouldn't it leave it as is if you don't fill in the password fields on the update? I'm attaching a copy of the update page.