From 9f81de2d5edb82d5fcdfa4a71f470847300baf10 Mon Sep 17 00:00:00 2001
From: Simon Erkelens
Date: Wed, 24 Oct 2018 19:36:30 +1300
Subject: [PATCH] That broke a few things, we do need the check here
---
 src/controllers/LoginHandler.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/controllers/LoginHandler.php b/src/controllers/LoginHandler.php
index bef5eca..400ffaf 100644
--- a/src/controllers/LoginHandler.php
+++ b/src/controllers/LoginHandler.php
@@ -63,7 +63,13 @@ public function doLogin($data, MemberLoginForm $form, HTTPRequest $request)
 // Also, exclude default admin from forcing a reset
 if (!$isDefaultAdmin && !HaveIBeenPwnedService::config()->get('allow_pwnd')) {
 $password = $data['Password'];
- $member = $this->checkLogin($data, $request, $result);
+ $member = null;
+ $identifierField = Member::config()->get('unique_identifier_field');
+ $memberCount = Member::get()->filter([$identifierField => $data['Email']])->count();
+ // There's no need to check for the member if it doesn't exist
+ if ($memberCount !== 0) {
+ $member = $this->checkLogin($data, $request, $result);
+ }
 // How often can we find this password?
 $breachCount = $this->service->checkPwnedPassword($password);
@@ -73,8 +79,8 @@ public function doLogin($data, MemberLoginForm $form, HTTPRequest $request)
 $this->lockoutMember($member, $breachCount);
 }
- if (!$member || $breachCount) {
- // A breached member or a non-existing member get the reset form
+ // A breached member or a non-existing member get the reset form
+ if (($breachCount && $member) || !$memberCount) {
 return $this->redirectToResetPassword();
 }
 }
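Review bot: Skipping `checkLogin()` when `$memberCount` is 0 gives an attempt against an unknown identifier a cheaper code path than one against a known identifier, so the two can differ in response time. `checkLogin()` is defined outside this hunk; if it records failed attempts, that presumably no longer happens for unknown identifiers either. I would keep the unconditional `$member = $this->checkLogin($data, $request, $result);` and use `$memberCount` only for the redirect decision further down. `$data['Email']` is also read without an existence check, so a request without that field raises an undefined-index notice or warning before the filter runs; `$data['Email'] ?? ''` avoids that. The body of doLogin starts and ends outside the hunk.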
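Review bot: The new condition `($breachCount && $member) || !$memberCount` makes the response reveal whether an account exists. Every attempt with an unknown identifier is sent to the reset form, while a known identifier with a wrong password falls through to whatever follows this block (outside the hunk, presumably the normal failed-login message). The visible outcome of a failed login should not depend on `$memberCount`; one option is to redirect only on `if ($breachCount && $member) {` and let every failed login share the regular failure path. The submitted password is also still passed to `checkPwnedPassword()` in the first hunk's context before authentication is known to have succeeded, and that call may be worth moving under the `$member` check.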