Fix: check user pass only if user exists

2025-07-09 15:39:11 +03:00
parent 2180f14850
commit a95dc82515
1 changed files with 6 additions and 5 deletions
--- a/handlers/auth.go
+++ b/handlers/auth.go
@ -92,12 +92,13 @@ func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
 		log.Debug("making new player", "error", err, "state", userstate)
 		userstate = models.InitPlayer(cleanName)
 		makeplayer = true
-	}
+	} else {
 		if userstate.Password != clearPass {
 			log.Error("wrong password", "username", cleanName, "password", clearPass)
 			abortWithError(w, "wrong password")
 			return
 		}
+	}
 	http.SetCookie(w, cookie)
 	fi := &models.FullInfo{
 		State: userstate,