diff --git a/db.go b/db.go
index 299b145..119f5c9 100644
--- a/db.go
+++ b/db.go
@@ -15,6 +15,7 @@ func check_password(attempt string) (result bool) {
 	if err != nil {
 		log.Fatal(err)
 	}
+    // this feels ultra hokey ... I guess I could take it from 2N to N by |= ...
 	hashes := []string{}
 	cmd := "SELECT hash FROM passes;"
 	db.Execute(cmd, func(s *sqlite3.Statement, values ...interface{}) {
@@ -22,7 +23,7 @@ func check_password(attempt string) (result bool) {
 		hashes = append(hashes, cur_hash)
 	})
 	for _, hash := range hashes {
-		err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(*check_pw))
+		err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(attempt))
 		if err == nil {
 			result = true
 			return
diff --git a/handlers.go b/handlers.go
index f1305fd..f4c153b 100644
--- a/handlers.go
+++ b/handlers.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"log"
 	"net/http"
 )
 
@@ -16,8 +15,12 @@ func homeHandler(w http.ResponseWriter, req *http.Request) {
 
 func loginHandler(w http.ResponseWriter, req *http.Request) {
 	pwAttempt := req.FormValue("passwd")
-	// if pw matches, set session.Values["logged in"], then redirect to "/"
-	// else come back here..
-	log.Printf("%v\n", pwAttempt)
+	if check_password(pwAttempt) {
+        session, _ := store.Get(req, "creds")
+        session.Values["logged in"] = true
+        session.Save(req, w)
+		http.Redirect(w, req, "/", http.StatusSeeOther)
+        return
+    }
 	T("login.html").Execute(w, map[string]interface{}{})
 }