From a95dc82515d198627423c25464c1129659f60efb Mon Sep 17 00:00:00 2001
From: Grail Finder <wohilas@gmail.com>
Date: Wed, 9 Jul 2025 15:39:11 +0300
Subject: [PATCH] Fix: check user pass only if user exists

---
 handlers/auth.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/handlers/auth.go b/handlers/auth.go
index c544ca8..6044cbe 100644
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -92,11 +92,12 @@ func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
 		log.Debug("making new player", "error", err, "state", userstate)
 		userstate = models.InitPlayer(cleanName)
 		makeplayer = true
-	}
-	if userstate.Password != clearPass {
-		log.Error("wrong password", "username", cleanName, "password", clearPass)
-		abortWithError(w, "wrong password")
-		return
+	} else {
+		if userstate.Password != clearPass {
+			log.Error("wrong password", "username", cleanName, "password", clearPass)
+			abortWithError(w, "wrong password")
+			return
+		}
 	}
 	http.SetCookie(w, cookie)
 	fi := &models.FullInfo{