diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..c2d75f2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a vulnerability, either use the inbuilt security reporting feature in GitHub, or shoot us an email at team@obl.ong.
+
+**DO NOT FILE AN ISSUE WITH A SECURITY VULNERABILITY**
+
+We thank you in advance for finding and reporting security issues!
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
index feaeacf..d51ff04 100644
--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@@ -20,16 +20,20 @@ def login
 def email
 user = User::User.find_by(email: params[:email])
- if(user.blank?)
+ if(!user)
 redirect_to(controller: "users", action: "register")
+ return
 elsif(user.disable_email_auth?)
 flash[:notice] = "Email login codes are disabled"
 redirect_to(controller: "auth", action: "login")
+ return
 end
- if Time.now.to_i > (user.otp_last_minted.nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" then
+ if Time.now.to_i > (user.try(:otp_last_minted).nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" then
 User::Mailer.with(user: user).verification_email.deliver_later
+ if params[:resend] == "true" then flash[:notice] = "Sent email code" end
+ end
 end
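Review bot: The rewritten throttle condition in `email` still lets `params[:resend] == "true"` short-circuit the 600-second cooldown entirely, so any caller can trigger `verification_email.deliver_later` for a registered address as often as they like; the commit adds a flash for the resend path but leaves that bypass in place. Assuming `otp_last_minted` is the timestamp of the last mint (it is not updated anywhere in this hunk), a safer form is `if Time.now.to_i > (user.otp_last_minted || 0) + (params[:resend] == "true" ? RESEND_COOLDOWN : 600)` with `RESEND_COOLDOWN` (placeholder name) set to a short but non-zero interval, so explicit resends are rate-limited as well. Separately, `user.try(:otp_last_minted)` is redundant now that the `if(!user)` branch returns early, and it is inconsistent with the plain `user.otp_last_minted` in the else arm of the same ternary — the `|| 0` form above removes both. The new one-liner `if params[:resend] == "true" then flash[:notice] = "Sent email code" end` reads more idiomatically in modifier form: `flash[:notice] = "Sent email code" if params[:resend] == "true"`.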