From c9f728fefb0d2cbbefd488f4abd9790183d5cc86 Mon Sep 17 00:00:00 2001
From: Simon Welsh
Date: Wed, 30 Jan 2013 09:17:47 +1300
Subject: [PATCH] FIX Only check the remember token if a user exists
---
 security/Member.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/security/Member.php b/security/Member.php
index 082c221fb..ac61473a5 100644
--- a/security/Member.php
+++ b/security/Member.php
@@ -384,9 +384,11 @@ class Member extends DataObject implements TemplateGlobalProvider {
 $member = DataObject::get_one("Member", "\"Member\".\"ID\" = '$SQL_uid'");
 // check if autologin token matches
- $hash = $member->encryptWithUserSettings($token);
- if($member && (!$member->RememberLoginToken || $member->RememberLoginToken != $hash)) {
- $member = null;
+ if($member) {
+ $hash = $member->encryptWithUserSettings($token);
+ if(!$member->RememberLoginToken || $member->RememberLoginToken !== $hash) {
+ $member = null;
+ }
 }
 if($member) {
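Review bot: The token check `$member->RememberLoginToken !== $hash` is an ordinary string comparison and is not guaranteed to run in constant time; because both sides are derived hashes the timing signal is probably weak, but a constant-time comparison (`hash_equals()` where the supported PHP version provides it, otherwise a small fixed-time helper) is the safer form for an authentication token. The switch from `!=` to `!==` is itself security-relevant, since loose comparison treats numeric-looking strings such as two `0e…` hashes as equal, yet the commit subject does not mention it; a comment such as `// strict comparison: loose != would equate numeric-looking hash strings` would keep it from being reverted later. The patch touches only security/Member.php, so a regression test for an autologin cookie that names a non-existent member ID would pin the null-member fix. The enclosing method starts and ends outside the hunk.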