diff --git a/handlers/auth.go b/handlers/auth.go
index c544ca8..6044cbe 100644
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -92,11 +92,12 @@ func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
 		log.Debug("making new player", "error", err, "state", userstate)
 		userstate = models.InitPlayer(cleanName)
 		makeplayer = true
-	}
-	if userstate.Password != clearPass {
-		log.Error("wrong password", "username", cleanName, "password", clearPass)
-		abortWithError(w, "wrong password")
-		return
+	} else {
+		if userstate.Password != clearPass {
+			log.Error("wrong password", "username", cleanName, "password", clearPass)
+			abortWithError(w, "wrong password")
+			return
+		}
 	}
 	http.SetCookie(w, cookie)
 	fi := &models.FullInfo{