diff --git a/op/op.Login.php b/op/op.Login.php
index 019dea1da..2e9e5b1de 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -28,13 +28,12 @@ include("../inc/inc.ClassUI.php");
 
 include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
 
-function _printMessage($heading, $message) {
-
+function _printMessage($heading, $message) { /* {{{ */
 	global $theme;
 	$view = UI::factory($theme, 'ErrorDlg');
 	$view->exitError($heading, $message, true);
 	return;
-}
+} /* }}} */
 
 if (isset($_REQUEST["sesstheme"]) && strlen($_REQUEST["sesstheme"])>0 && is_numeric(array_search($_REQUEST["sesstheme"],UI::getStyles())) ) {
 	$theme = $_REQUEST["sesstheme"];
@@ -58,6 +57,7 @@ if(isset($_POST['pwd'])) {
 	}
 }
 
+/* The password may only be empty if the guest user tries to log in */
 if($settings->_enableGuestLogin && (int) $settings->_guestID) {
 	$guestUser = $dms->getUser((int) $settings->_guestID);
 	if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) {
@@ -66,16 +66,13 @@ if($settings->_enableGuestLogin && (int) $settings->_guestID) {
 	}
 }
 
-//
-// LDAP Sign In
-//
-
 /* Initialy set $user to false. It will contain a valid user record
  * if authentication against ldap succeeds.
  * _ldapHost will only have a value if the ldap connector has been enabled
  */
 $user = false;
 
+/* Authenticate against LDAP server {{{ */
 if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 	if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
 		$ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
@@ -140,11 +137,11 @@ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 
 		/* No do the actual authentication of the user */
 		$bind = @ldap_bind($ds, $dn, $pwd);
+		$user = $dms->getUserByLogin($login);
 		if ($bind) {
 			// Successfully authenticated. Now check to see if the user exists within
 			// the database. If not, add them in if _restricted is not set,
 			// but do not add their password.
-			$user = $dms->getUserByLogin($login);
 			if (is_bool($user) && !$settings->_restricted) {
 				// Retrieve the user's LDAP information.
 				if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
@@ -160,45 +157,52 @@ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 					}
 				}
 			}
-			if (!is_bool($user)) {
-				$userid = $user->getID();
+		} elseif($user) {
+			$userid = $user->getID();
+			if($settings->_loginFailure) {
+				$failures = $user->addLoginFailure();
+				if($failures >= $settings->_loginFailure)
+					$user->setDisabled(true);
 			}
+			$user = false;
 		}
 		ldap_close($ds);
 	}
-}
+} /* }}} */
 
-if (is_bool($user)) {
+/* Authenticate against SeedDMS database {{{ */
+else {
 	//
 	// LDAP Authentication did not succeed or is not configured. Try internal
 	// authentication system.
 	//
 
 	// Try to find user with given login.
-	$user = $dms->getUserByLogin($login);
-	if (!$user) {
-		_printMessage(getMLText("login_error_title"),	getMLText("login_error_text"));
-		exit;
-	}
-
-	$userid = $user->getID();
-
-	if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
-		_printMessage(getMLText("login_error_title"),	getMLText("guest_login_disabled"));
-		exit;
-	}
+	if($user = $dms->getUserByLogin($login)) {
+		$userid = $user->getID();
 
 	// Check if password matches (if not a guest user)
 	// Assume that the password has been sent via HTTP POST. It would be careless
 	// (and dangerous) for passwords to be sent via GET.
 	if (($userid != $settings->_guestID) && (md5($pwd) != $user->getPwd()) || ($userid == $settings->_guestID) && $user->getPwd() && (md5($pwd) != $user->getPwd())) {
-		_printMessage(getMLText("login_error_title"),	getMLText("login_error_text"));
 		/* if counting of login failures is turned on, then increment its value */
 		if($settings->_loginFailure) {
 			$failures = $user->addLoginFailure();
 			if($failures >= $settings->_loginFailure)
 				$user->setDisabled(true);
 		}
+		$user = false;
+	}
+	}
+} /* }}} */
+
+if(!$user) {
+	_printMessage(getMLText("login_error_title"),	getMLText("login_error_text"));
+	exit;
+}
+
+	if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
+		_printMessage(getMLText("login_error_title"),	getMLText("guest_login_disabled"));
 		exit;
 	}
 
@@ -218,8 +222,6 @@ if (is_bool($user)) {
 	/* Clear login failures if login was successful */
 	$user->clearLoginFailures();
 
-}
-
 // Capture the user's language and theme settings.
 if (isset($_REQUEST["lang"]) && strlen($_REQUEST["lang"])>0 && is_numeric(array_search($_REQUEST["lang"],getLanguages())) ) {
 	$lang = $_REQUEST["lang"];
@@ -310,7 +312,4 @@ else {
 	header("Location: ".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".$settings->_rootFolderID));
 }
 
-//_printMessage(getMLText("login_ok"),
-//	"<p><a href='".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php")."'>".getMLText("continue")."</a></p>");
-
 ?>