diff --git a/server/src/user.rs b/server/src/user.rs
index c09f5f3f..086675c7 100755
--- a/server/src/user.rs
+++ b/server/src/user.rs
@@ -88,7 +88,10 @@ pub fn login(params: UserLoginParams, db: Db) -> Result<RpcResult, Error> {
     let result = db
         .query(query, &[&params.name])?;
 
-    let returned = result.iter().next().expect("no row returned");
+    let returned = match result.iter().next() {
+        Some(row) => row,
+        None => return Err(err_msg("user not found")),
+    };
 
     let entry = UserEntry {
         id: returned.get(0),
@@ -97,8 +100,9 @@ pub fn login(params: UserLoginParams, db: Db) -> Result<RpcResult, Error> {
         password: returned.get(3),
     };
 
-
-    verify(&params.password, &entry.password)?;
+    if !verify(&params.password, &entry.password)? {
+        return Err(err_msg("password does not match"));
+    }
 
     println!("{:?} logged in", entry.name);