diff --git a/web.py b/web.py
index 089d616..c1ee3fc 100755
--- a/web.py
+++ b/web.py
@@ -12,9 +12,14 @@ import bcrypt
 
 cfg = json.load(open("meta.json"))
 scopes = ["read:accounts", "write:statuses"]
+settings = {
+	"cw": False,
+	# "disabled": False,
+}
 
 db = mysql.connector.connect(user=cfg['dbuser'], password=cfg['dbpass'], database=cfg['dbname'])
 c = db.cursor()
+dc = db.cursor(dictionary=True)
 # MariaDB [curiousgreg]> DESCRIBE data;
 # +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
 # | Field               | Type         | Null | Key | Default                                   | Extra                       |
@@ -133,8 +138,14 @@ def do_login():
 	acct = request.form['acct']
 	session['username'] = re.match("^@[^@]*", acct).group(0)
 	session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
-	pw = c.execute("SELECT password FROM data WHERE username LIKE ? AND password LIKE ?", (session['username'], session['instance'])).fetch_one()[0]
-	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15))
+	data = dc.execute("SELECT * FROM data WHERE username LIKE ? AND password LIKE ?", (session['username'], session['instance'])).fetch_one()
+	if bcrypt.checkpw(pw_hashed, data['password']):
+		#password is correct, log the user in
+		for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
+			session[item] = data[item]
+		return redirect('/home')
+	else:
+		return redirect('/login?invalid')
 
 @app.route('/create_password')
 def create_password():