A link sending an invalid user/pass back to the login page worked like a charm. Thank you for that good idea!

On a related topic, I'm concerned about sending clear text passwords. The website holds patient medical records which should be as secure as possible. I was unaware the passwords were sent in clear text and wonder if there is a way (or option to toggle) to make them more secure?