diff --git a/kernel/modules/secure/controllers/SecureController.php b/kernel/modules/secure/controllers/SecureController.php
index dac13b8..1086058 100644
--- a/kernel/modules/secure/controllers/SecureController.php
+++ b/kernel/modules/secure/controllers/SecureController.php
@@ -75,11 +75,11 @@ class SecureController extends AdminController
         $loginForm = new LoginEmailForm();
         $loginForm->load($_REQUEST);
         $email = $loginForm->getItem("email");
+        $code = mt_rand(100000, 999999);
 
         $user = $this->userService->getByField('email', $email);
         if (!$user){
             $newUser = new User();
-            $code = mt_rand(100000, 999999);
             $newUser->email = $email;
             $newUser->username = substr($email, 0, strpos($email, "@"));
             $newUser->password_hash = password_hash(md5(microtime() . bin2hex(random_bytes(10)) . time()), PASSWORD_DEFAULT);
@@ -87,7 +87,6 @@ class SecureController extends AdminController
             $newUser->auth_code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes"));
             $newUser->save();
         } else {
-            $code = mt_rand(100000, 999999);
             $user->auth_code = $code;
             $user->auth_code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes"));
             $user->save();