From 31820317de39b4f47198a3ff6ca279064c86c7a8 Mon Sep 17 00:00:00 2001
From: James Collins <james.collins@outlook.com.au>
Date: Mon, 8 May 2023 21:53:37 +1000
Subject: [PATCH] check if password exists on login

---
 app/Http/Controllers/Api/AuthController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php
index e25a48b..f14a647 100644
--- a/app/Http/Controllers/Api/AuthController.php
+++ b/app/Http/Controllers/Api/AuthController.php
@@ -49,7 +49,7 @@ class AuthController extends ApiController
     {
         $user = User::where('email', '=', $request->input('email'))->first();
 
-        if ($user !== null && Hash::check($request->input('password'), $user->password) === true) {
+        if ($user !== null && strlen($user->password) > 0 && Hash::check($request->input('password'), $user->password) === true) {
             if ($user->email_verified_at === null) {
                 return $this->respondWithErrors([
                     'email' => 'Email address has not been verified.'