Fix: check user pass only if user exists

2025-07-09 15:39:11 +03:00
parent 2180f14850
commit a95dc82515
1 changed files with 6 additions and 5 deletions
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -92,11 +92,12 @@ func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
 		log.Debug("making new player", "error", err, "state", userstate)
 		userstate = models.InitPlayer(cleanName)
 		makeplayer = true
-	}
-	if userstate.Password != clearPass {
-		log.Error("wrong password", "username", cleanName, "password", clearPass)
-		abortWithError(w, "wrong password")
-		return
+	} else {
+		if userstate.Password != clearPass {
+			log.Error("wrong password", "username", cleanName, "password", clearPass)
+			abortWithError(w, "wrong password")
+			return
+		}
 	}
 	http.SetCookie(w, cookie)
 	fi := &models.FullInfo{