diff --git a/src/accounts/authorize.js b/src/accounts/authorize.js new file mode 100644 index 0000000..464412a --- /dev/null +++ b/src/accounts/authorize.js @@ -0,0 +1,18 @@ +import bcrypt from 'bcryptjs' +const { compare } = bcrypt + +export async function authorizeUser(email, password) { + // Import user collection + const { user } = await import ("../user/user.js") + // Look up user + const userData = await user.findOne({ + 'email.address': email, + }) + // Get user password + const savedPassword = userData.password + // Compare password with one in database + const isAuthorized = await compare(password, savedPassword) + console.log("isAuthorized", isAuthorized) + // Return boolean of if password is correct + return isAuthorized +} \ No newline at end of file diff --git a/src/accounts/register.js b/src/accounts/register.js index 6354de6..28df13d 100644 --- a/src/accounts/register.js +++ b/src/accounts/register.js @@ -2,16 +2,23 @@ import bcrypt from 'bcryptjs' const { genSalt, hash } = bcrypt export async function registerUser(email, password) { + const { user } = await import ("../user/user.js") + // generate salt const salt = await genSalt(10) - console.log('salt', salt) // hash with salt const hashedPassword = await hash(password, salt) - console.log('hashedPassword', hashedPassword) // store in database + const result = await user.insertOne({ + email: { + address: email, + verified: false, + }, + password: hashedPassword, + }) // return user from database - + return result.insertedId } \ No newline at end of file diff --git a/src/index.js b/src/index.js index c072eee..afcfd74 100644 --- a/src/index.js +++ b/src/index.js @@ -5,6 +5,7 @@ import path from 'path' import { fileURLToPath } from 'url' import { connectDb } from './db.js' import { registerUser } from './accounts/register.js' +import { authorizeUser } from './accounts/authorize.js' // ESM specific "features" const __filename = fileURLToPath(import.meta.url) 
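Review bot: In src/accounts/authorize.js, `userData.password` is read without checking that `findOne` returned a document, so an unknown e-mail throws a TypeError while a wrong password returns false, and a caller can tell registered addresses from unregistered ones. `email` also goes into the `findOne` filter unchecked; the route passes `request.body.email` straight through, so a non-string JSON value would be treated by the driver as a query document instead of a literal address. Both arguments should be type-checked, and the missing-user case should return false like a failed compare. An early return still skips the bcrypt work, so response time may differ unless a compare against a fixed placeholder hash is run on that path. The `console.log("isAuthorized", isAuthorized)` line is better dropped before this ships.

```javascript
export async function authorizeUser(email, password) {
  // Only plain strings may reach the query filter and bcrypt
  if (typeof email !== 'string' || typeof password !== 'string') {
    return false
  }
  // … unchanged: dynamic import of the user collection and findOne lookup …
  // Unknown account or record without a hash: fail like a wrong password
  if (!userData || typeof userData.password !== 'string') {
    return false
  }
  // … unchanged: compare(password, savedPassword) and return of the result …
}
```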
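Review bot: In src/accounts/register.js, `user.insertOne` stores the account without checking whether `email.address` is already taken, so the same address can be registered more than once and the `findOne` in `authorizeUser` will then match whichever document the server returns first. Nothing visible in this diff creates a unique index; one on that field, for example `await user.createIndex({ 'email.address': 1 }, { unique: true })` run at startup, would make the duplicate insert fail. `email` is also written to the document unchecked, so a guard such as `if (typeof email !== 'string') throw new TypeError('email must be a string')` before `genSalt` would keep non-string JSON values out of the collection.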
@@ -20,12 +21,27 @@ async function startApp() { app.post('/api/register', {}, async (request, reply) => { try { - await registerUser(request.body.email, request.body.password) + const userId = await registerUser( + request.body.email, + request.body.password + ) } catch (e) { console.error('e', e); } }) + + app.post('/api/authorize', {}, async (request, reply) => { + try { + console.log(request.body.email, request.body.password) + const userId = await authorizeUser( + request.body.email, + request.body.password + ) + } catch (e) { + console.error('e', e); + } + }) // app.get("/", {}, (request, reply) => { // reply.send({ // data: "hello world", diff --git a/src/public/index.html b/src/public/index.html index cb28d32..8babe20 100644 --- a/src/public/index.html +++ b/src/public/index.html @@ -14,15 +14,24 @@ +
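Review bot: The new `/api/authorize` handler in src/index.js writes the submitted password to the process log in clear text through `console.log(request.body.email, request.body.password)`; that line should be removed, since logs are normally kept longer and read more widely than the credential store. The value assigned to `userId` there is the boolean returned by `authorizeUser`, it is never used, and neither handler sends a response, so the client cannot learn the outcome. Assuming `reply` is a Fastify reply (the commented-out `reply.send` suggests so), I would rename it to `const isAuthorized = await authorizeUser(...)` and finish with `reply.code(isAuthorized ? 200 : 401).send({ authorized: isAuthorized })`. The `catch` blocks should also send a generic 500 rather than only logging. The enclosing `startApp` begins and ends outside this hunk.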
+
+
+

Login Form

+
+ + + +
diff --git a/src/user/user.js b/src/user/user.js
new file mode 100644
index 0000000..e11ea84
--- /dev/null
+++ b/src/user/user.js
@@ -0,0 +1,4 @@
+import { client } from '../db.js'
+
+export const user = client.db("test").collection("user")
+
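Review bot: The database name is hard-coded in `client.db("test")` in src/user/user.js, so account records and their password hashes land in a database called `test` in every environment. Taking the name from configuration, e.g. `client.db(process.env.DB_NAME)` (variable name is a placeholder), keeps development and production data apart and lets the database account be scoped to that one database. A short comment above the export saying that the collection holds bcrypt hashes under `password` and the login key under `email.address` would also help whoever adds indexes or projections later.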