diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx
index 72f0b35..c0e3fee 100644
--- a/login/ForgotPW.aspx
+++ b/login/ForgotPW.aspx
@@ -110,6 +110,9 @@
                
 <asp:Label ID="lbl_Email" runat="server" Text="Email Address:"></asp:Label>
 <asp:TextBox ID="txtEmail" runat="server" Width = "250" />
+                    <asp:Label ID="lbl_Username" runat="server" Text="Username:"></asp:Label>
+<asp:TextBox ID="txt_Username" runat="server" Width = "250" />
+
 <br />
 <asp:Label ID="lblMessage" runat="server" />
 <br />
diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb
index f2b5f71..6005033 100644
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -3,6 +3,7 @@ Imports System.Net.Mail
 Imports System.Drawing
 Imports System.Configuration
 Imports System.Data.SqlClient
+Imports System.Data
 
 Partial Class login_ForgotPW
     Inherits System.Web.UI.Page
@@ -15,7 +16,7 @@ Partial Class login_ForgotPW
 
 
     Protected Sub SendEmail(sender As Object, e As EventArgs)
-        Dim username As String = String.Empty
+        Dim username As String = txt_Username.Text
         Dim password As String = String.Empty
 
         ' cDBFunctions.GetNewOpenConnection()
@@ -31,30 +32,43 @@ Partial Class login_ForgotPW
         ' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
         Using con As New SqlConnection(ConnectionString)
             ' Using cmd As New SqlCommand("Validate_User")
-            Using cmd As New SqlCommand("SELECT COUNT(*) FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Password=@Password")
+            Using cmd As New SqlCommand("SELECT COUNT(*) FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
                 ' cmd.CommandType = CommandType.StoredProcedure
-
+                cmd.Parameters.AddWithValue("@Username", username)
                 cmd.Connection = con
                 con.Open()
-                ' userId = Convert.ToInt32(cmd.ExecuteScalar())
+                'userId = Convert.ToInt32(cmd.ExecuteScalar())
                 Dim dr As SqlDataReader = cmd.ExecuteReader()
                 If dr.Read() Then
                     username = dr("@Username").ToString()
-                    password = dr("@Password").ToString()
                 End If
             End Using
-                con.Close()
-            End Using
+            con.Close()
+        End Using
 
-        If Not String.IsNullOrEmpty(password) Then
+        If Not String.IsNullOrEmpty(username) Then
             ' SendEmail(username, password)
+            MsgBox("Mail would be sent successfully!")
             lblMessage.ForeColor = Color.Green
             lblMessage.Text = "Password has been sent to your email address."
         Else
+            MsgBox("Mail would not be sent successfully!")
             lblMessage.ForeColor = Color.Red
             lblMessage.Text = "This email address does not match our records."
         End If
     End Sub
+
+    Function RandomString(r As Random)
+        Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+        Dim sb As New StringBuilder
+        Dim cnt As Integer = r.Next(15, 33)
+        For i As Integer = 1 To cnt
+            Dim idx As Integer = r.Next(0, s.Length)
+            sb.Append(s.Substring(idx, 1))
+        Next
+        Return sb.ToString()
+    End Function
+
     Function SendEmail(username As String, password As String) As Boolean
         Dim Msg As New MailMessage
         Dim myCredentials As New System.Net.NetworkCredential
@@ -68,7 +82,7 @@ Partial Class login_ForgotPW
         mySmtpsvr.Credentials = myCredentials
         Try
             Msg.From = New MailAddress("al@verag.ag")
-            Msg.To.Add("al@verag.ag")
+            Msg.To.Add(txtEmail.Text)
             Msg.Subject = "TEST"
             Msg.Body = String.Format("Hi {0},<br /><br />Your password is {1}.<br /><br />Thank You.", username, password)
 
@@ -82,4 +96,6 @@ Partial Class login_ForgotPW
         End Try
         Return False
     End Function
+
+
 End Class