diff --git a/database/password-wrapper.go b/database/password-wrapper.go
index 765502c..6da6b4a 100644
--- a/database/password-wrapper.go
+++ b/database/password-wrapper.go
@@ -38,10 +38,26 @@ func (q *Queries) AddUser(ctx context.Context, arg AddUserParams) (string, error
 return a.Subject, q.addUser(ctx, a)
 }
-type CheckLoginRow struct {
- Subject string `json:"subject"`
- Password password.HashString `json:"password"`
- HasTwoFactor bool `json:"hasTwoFactor"`
- Email string `json:"email"`
- EmailVerified bool `json:"email_verified"`
+type CheckLoginResult struct {
+ Subject string `json:"subject"`
+ HasTwoFactor bool `json:"hasTwoFactor"`
+ Email string `json:"email"`
+ EmailVerified bool `json:"email_verified"`
+}
+
+func (q *Queries) CheckLogin(ctx context.Context, un, pw string) (CheckLoginResult, error) {
+ login, err := q.checkLogin(ctx, un)
+ if err != nil {
+ return CheckLoginResult{}, err
+ }
+ err = password.CheckPasswordHash(login.Password, pw)
+ if err != nil {
+ return CheckLoginResult{}, err
+ }
+ return CheckLoginResult{
+ Subject: login.Subject,
+ HasTwoFactor: login.HasOtp,
+ Email: login.Email,
+ EmailVerified: login.EmailVerified,
+ }, nil
 }
diff --git a/database/queries/users.sql b/database/queries/users.sql
index 1517817..734292c 100644
--- a/database/queries/users.sql
+++ b/database/queries/users.sql
@@ -7,7 +7,7 @@ INSERT INTO users (subject, name, username, password, email, email_verified, rol
 VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
 -- name: checkLogin :one
-SELECT subject, password, EXISTS(SELECT 1 FROM otp WHERE otp.subject = users.subject), email, email_verified
+SELECT subject, password, cast(EXISTS(SELECT 1 FROM otp WHERE otp.subject = users.subject) AS BOOLEAN) as has_otp, email, email_verified
 FROM users
 WHERE username = ?
 LIMIT 1;
diff --git a/database/users.sql.go b/database/users.sql.go
index 231e337..da956b7 100644
--- a/database/users.sql.go
+++ b/database/users.sql.go
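Review bot: In `CheckLogin` in database/password-wrapper.go, the early `return CheckLoginResult{}, err` after `q.checkLogin` skips the hash comparison when no row matches, so a request for an unknown username likely completes faster than one for a known username with a wrong password (the hash appears to be bcrypt, judging by the error matched in server/login.go), and response time can then reveal which usernames exist. Running a comparison against a fixed placeholder hash before returning evens this out, for example `if errors.Is(err, sql.ErrNoRows) { _ = password.CheckPasswordHash(dummyHash, pw) }`, where `dummyHash` is a proposed package-level value generated once at the same cost as real hashes and is not part of this diff; `errors` and `database/sql` would need importing in this file if they are not already. The exported `CheckLogin` and `CheckLoginResult` also lack doc comments; `// CheckLogin looks up un and verifies pw against the stored hash; the hash itself is never returned.` would record why the result type no longer carries `Password`.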
@@ -245,7 +245,7 @@ func (q *Queries) changeUserPassword(ctx context.Context, arg changeUserPassword
 }
 const checkLogin = `-- name: checkLogin :one
-SELECT subject, password, EXISTS(SELECT 1 FROM otp WHERE otp.subject = users.subject), email, email_verified
+SELECT subject, password, cast(EXISTS(SELECT 1 FROM otp WHERE otp.subject = users.subject) AS BOOLEAN) as has_otp, email, email_verified
 FROM users
 WHERE username = ?
 LIMIT 1
@@ -254,7 +254,7 @@ LIMIT 1
 type checkLoginRow struct {
 Subject string `json:"subject"`
 Password password.HashString `json:"password"`
- Column3 int64 `json:"column_3"`
+ HasOtp bool `json:"has_otp"`
 Email string `json:"email"`
 EmailVerified bool `json:"email_verified"`
 }
@@ -265,7 +265,7 @@ func (q *Queries) checkLogin(ctx context.Context, username string) (checkLoginRo
 err := row.Scan(
 &i.Subject,
 &i.Password,
- &i.Column3,
+ &i.HasOtp,
 &i.Email,
 &i.EmailVerified,
 )
diff --git a/server/login.go b/server/login.go
index fd8a14f..6ea840a 100644
--- a/server/login.go
+++ b/server/login.go
@@ -63,7 +63,7 @@ func (h *HttpServer) LoginPost(rw http.ResponseWriter, req *http.Request, _ http
 var hasOtp bool
 if h.DbTx(rw, func(tx *database.Queries) error {
- loginUser, hasOtpRaw, hasVerifiedEmail, err := tx.CheckLogin(un, pw)
+ loginUser, err := tx.CheckLogin(req.Context(), un, pw)
 if err != nil {
 if errors.Is(err, sql.ErrNoRows) || errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
 loginMismatch = 1
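Review bot: In `LoginPost` in server/login.go, the condition `errors.Is(err, sql.ErrNoRows) || errors.Is(err, bcrypt.ErrMismatchedHashAndPassword)` only works if `database.CheckLogin` passes both the driver's and the hashing library's sentinel errors through unchanged. Any other error from the hash check (a malformed stored hash, if `password.CheckPasswordHash` can return one) would skip `loginMismatch = 1` and presumably produce a different response from a plain wrong password. A comment above the condition would pin the intent, e.g. `// unknown user and wrong password must be indistinguishable to the client`, and a test covering both paths through `tx.CheckLogin` would keep the wrapper and this check in step. The rest of `LoginPost` lies outside the hunk, so it is worth confirming there that `hasOtp` is still set from the returned result now that `hasOtpRaw` is gone.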