1 files changed, 5 insertions, 5 deletions

diff --git a/inc/auth.php b/inc/auth.php
index ed32dc95d..5c005434a 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -55,16 +55,16 @@
 
   // do the login either by cookie or provided credentials
   if($conf['useacl']){
+    if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
+    if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
+    if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
+
     // if no credentials were given try to use HTTP auth (for SSO)
     if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){
       $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
       $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
     }
 
-		if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
-		if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
-		if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
-
     // external trust mechanism in place?
     if(!is_null($auth) && $auth->canDo('external')){
       $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
@@ -115,7 +115,7 @@ function auth_login($user,$pass,$sticky=false){
   global $auth;
   $sticky ? $sticky = true : $sticky = false; //sanity check
 
-  if(isset($user)){
+  if(!empty($user)){
     //usual login
     if ($auth->checkPass($user,$pass)){
       // make logininfo globally available