diff --git a/include/class.auth.php b/include/class.auth.php
index a0abe4ed4468455e9867730cd1d46a9d20fd3405..5ace9e26c3d121ada9aebf9643ef6fe3d0ff17e5 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -1063,7 +1063,8 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
             if (($ticket = Ticket::lookupByNumber($_GET['t'], $_GET['e']))
                     // Using old ticket auth code algo - hardcoded here because it
                     // will be removed in ticket class in the upcoming rewrite
-                    && !strcasecmp($_GET['a'], md5($ticket->getId() .  strtolower($_GET['e']) . SECRET_SALT))
+                    && strcasecmp((string) $_GET['a'], md5($ticket->getId()
+                            .  strtolower($_GET['e']) . SECRET_SALT)) === 0
                     && ($owner = $ticket->getOwner()))
                 $user = new ClientSession($owner);
         }