You could have coded your SP as follows
CREATE PROCEDURE usp_check_login
@username varchar(20),
@password varchar(20) AS
SET NOCOUNT ON
SELECT user_id,
user_active as login_active,
user_loginattempts as login_attempts,
user_type
FROM tbl_user
WHERE user_username = @username AND user_password = @password
RETURN @@ROWCOUNT
GO
That way you could use your RETURN_VALUE to determine whether or not your user exists i.e. if the value is >0 then the user and password combination exists.
If possible I would avoid using the ADO Command.Refresh statement because it has a noticeable performance hit.
Try declaring the parameters explicitly
Dim lResult as long
Dim cmdLogin As ADODB.Command
dim rsLogin as ADODB.Recordset
Set cmdLogin = New ADODB.Command
cmdLogin .ActiveConnection = connString
cmdLogin .CommandText = "usp_check_login"
cmdLogin .CommandType = 4
cmdCommunity.CommandTimeout = 0
cmdLogin .Parameters.Append cmdCommunity.CreateParameter("RETURN_VALUE", adInteger, adParamReturnValue, 4)
cmdLogin .Parameters.Append cmdCommunity.CreateParameter("@username", adVarChar, adParamInput, 20, sUsername)
cmdLogin .Parameters.Append cmdCommunity.CreateParameter("@password", adVarChar, adParamInput, 20, sPassword)
set rsLogin = cmdLogin .Execute
lResult = cmdLogin .Parameters(0).Value
etc
========================
He was not wholly unware of the potential lack of insignificance.