diff --git a/public/index.php b/public/index.php
index 9118638..1e7ee5f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -116,14 +116,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $paste_visibility = $_POST['visibility'];
     $paste_code = $_POST['format'];
     $paste_password = $_POST['pass'];
-
-    $p_expiry = trim(htmlspecialchars($_POST['paste_expire_date']));
     $tag_input = $_POST['tag_input'];
 
-    if (empty($paste_password)) {
-        $paste_password = null;
-    } else {
+    if (!empty($paste_password)) {
+        if (!$current_user) {
+            $error = 'You must be logged in to create a password-protected paste.';
+            goto OutPut;
+        }
+
         $paste_password = password_hash($paste_password, PASSWORD_DEFAULT);
+    } else {
+        $paste_password = null;
     }
 
     $paste_content = openssl_encrypt(
@@ -133,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     );
 
     // Set expiry time
-    $expires = calculatePasteExpiry($p_expiry);
+    $expires = calculatePasteExpiry(trim($_POST['paste_expire_date']));
 
     // Edit existing paste or create new?
     if ($editing) {
diff --git a/theme/bulma/main.php b/theme/bulma/main.php
index d525cde..84136b6 100644
--- a/theme/bulma/main.php
+++ b/theme/bulma/main.php
@@ -140,7 +140,7 @@
                 <div class="field">
                     <div class="control">
                         <input type="text" class="input pp-width-auto" name="pass" id="pass"
-                               placeholder="Password (optional)" autocomplete="new-password"
+                               placeholder="Password (optional)<?= $current_user ? ' (must be logged in)': '' ?>" autocomplete="new-password"<?= $current_user ? '' : ' disabled="disabled"' ?>
                                value="<?php echo (isset($_POST['pass'])) ? pp_html_escape($_POST['pass']) : ''; ?>"/>
                     </div>
                 </div>