diff --git a/db.go b/db.go
new file mode 100644
index 0000000..299b145
--- /dev/null
+++ b/db.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"code.google.com/p/go.crypto/bcrypt"
+	"github.com/kuroneko/gosqlite3"
+	"log"
+	"sync"
+)
+
+var dbMutex sync.Mutex
+
+func check_password(attempt string) (result bool) {
+	db, err := sqlite3.Open(*db_file)
+	defer db.Close()
+	if err != nil {
+		log.Fatal(err)
+	}
+	hashes := []string{}
+	cmd := "SELECT hash FROM passes;"
+	db.Execute(cmd, func(s *sqlite3.Statement, values ...interface{}) {
+		cur_hash := values[0].(string)
+		hashes = append(hashes, cur_hash)
+	})
+	for _, hash := range hashes {
+		err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(*check_pw))
+		if err == nil {
+			result = true
+			return
+		}
+	}
+	return
+}
diff --git a/main.go b/main.go
index e8d70d8..92864a1 100644
--- a/main.go
+++ b/main.go
@@ -16,9 +16,11 @@ var static_files = flag.String("static", "./static", "location of static files")
 var db_file = flag.String("db", "./db.sqlite", "the database")
 var template_dir = flag.String("templates", "templates", "template dir")
 var add_pw = flag.String("passwd", "", "add this pass to the db")
+var check_pw = flag.String("checkpw", "", "check if this pw is in db")
 
 var store = sessions.NewCookieStore([]byte("hello world"))
 var templates *template.Template
+var db *sqlite3.Database
 
 func main() {
 	flag.Parse()
@@ -27,7 +29,7 @@ func main() {
 		if err != nil {
 			log.Fatal(err)
 		}
-		db, err := sqlite3.Open(*db_file)
+		db, err = sqlite3.Open(*db_file)
 		defer db.Close()
 		if err != nil {
 			log.Fatal(err)
@@ -38,6 +40,8 @@ func main() {
 		if err != nil {
 			log.Fatal(err)
 		}
+	} else if *check_pw != "" {
+        fmt.Printf("valid password: %v\n", check_password(*check_pw))
 	} else {
 		http.HandleFunc("/", homeHandler)
 		http.HandleFunc("/login", loginHandler)