diff --git a/application/controllers/User.php b/application/controllers/User.php
index 74d8977a5..279e9e558 100644
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@@ -971,7 +971,7 @@ class User extends CI_Controller {
 			$post_data = $this->input->post();
 			if (!empty($query->row()->external_account)) {
 				$post_data['user_name']  = $query->row()->user_name;
-				if (!($this->config->item('auth_header_allow_direct_login') ?? true)) {
+				if (!($this->config->item('auth_header_allow_direct_login', 'sso') ?? true)) {
 					$post_data['user_password'] = $this->pwd_placeholder; // placeholder → model skips password update
 				}
 			}
diff --git a/application/models/User_model.php b/application/models/User_model.php
index 00c75be79..6f3810441 100644
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@@ -442,7 +442,7 @@ class User_Model extends CI_Model {
 				$pwd_placeholder = '**********';
 
 				// Hash password
-				if($fields['user_password'] != NULL)
+				if(array_key_exists('user_password', $fields) && ($fields['user_password'] != NULL))
 				{
 					if (!file_exists('.demo') || (file_exists('.demo') && $this->session->userdata('user_type') == 99)) {