diff --git a/modules/api/api.js b/modules/api/api.js
index a1c0a7b..f0e1bbd 100644
--- a/modules/api/api.js
+++ b/modules/api/api.js
@@ -58,6 +58,13 @@ function CreateDB () {
     const tableData = dbStruct[tableName]
     dbtools.CreateTable(authDB, tableName, tableData.tableStruct)
   })
+
+  // dbtools.Insert(authDB, 'users', {
+  //   pw: 2,
+  //   id: 1,
+  //   notes: 'hemnlo'
+  // })
+  // console.log(dbtools.TableInfo(authDB, 'users'))
 }
 CreateDB()
 
@@ -136,6 +143,7 @@ Load()
 
 app.post('/login', (req, res) => {
   logger.LogReq(req)
+  console.log(req.body)
   // FIXME: redirect to original url
   const user = 'u'
   // TODO: get user
diff --git a/modules/api/auth.middleware.js b/modules/api/auth.middleware.js
index 673680e..f99548f 100644
--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@@ -1,6 +1,8 @@
 const logger = require('../../utils/logger.js')
 const dbtools = require('../../utils/dbtools.js')
 
+const usersDBName = 'users'
+
 // TODO: session
 
 module.exports = function (options) {
@@ -16,15 +18,13 @@ module.exports = function (options) {
     if (user) {
       next()
     } else {
-      res.JSON({
-        success: false,
-        msg: 'You dont have permission to acces this site'
-      })
+      res.render('login')
     }
   }
 }
 
 function GetUserByPW (db, password) {
-  // TODO: find user by password
-  return undefined
+  return dbtools.Select(db, usersDBName, {
+    pw: password
+  })[0]
 }