That broke a few things, we do need the check here

Firesphere · Oct 24, 2018 · 9f81de2 · 9f81de2
1 parent 1d36e21
commit 9f81de2
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/src/controllers/LoginHandler.php b/src/controllers/LoginHandler.php
@@ -63,7 +63,13 @@ public function doLogin($data, MemberLoginForm $form, HTTPRequest $request)
         // Also, exclude default admin from forcing a reset
         if (!$isDefaultAdmin && !HaveIBeenPwnedService::config()->get('allow_pwnd')) {
             $password = $data['Password'];
-            $member = $this->checkLogin($data, $request, $result);
+            $member = null;
+            $identifierField = Member::config()->get('unique_identifier_field');
+            $memberCount = Member::get()->filter([$identifierField => $data['Email']])->count();
+            // There's no need to check for the member if it doesn't exist
+            if ($memberCount !== 0) {
+                $member = $this->checkLogin($data, $request, $result);
+            }
 
             // How often can we find this password?
             $breachCount = $this->service->checkPwnedPassword($password);
@@ -73,8 +79,8 @@ public function doLogin($data, MemberLoginForm $form, HTTPRequest $request)
                 $this->lockoutMember($member, $breachCount);
             }
 
-            if (!$member || $breachCount) {
-                // A breached member or a non-existing member get the reset form
+            // A breached member or a non-existing member get the reset form
+            if (($breachCount && $member) || !$memberCount) {
                 return $this->redirectToResetPassword();
             }
         }