diff --git a/backend/internal/database/db.go b/backend/internal/database/db.go
index 6b8a990..ef365cd 100644
--- a/backend/internal/database/db.go
+++ b/backend/internal/database/db.go
@@ -14,6 +14,7 @@ import (
 type Database interface {
 // Insert a new user into the database, password should be hashed before calling
 AddUser(username string, password string) error
+ CheckUser(username string, password string) bool
 RemoveUser(username string) error
 PromoteToAdmin(username string) error
 GetUserId(username string) (int, error)
@@ -77,6 +78,15 @@ func DbConnect(dbpath string) Database {
 return &Db{db}
 }
+func (d *Db) CheckUser(username string, password string) bool {
+ var dbPassword string
+ err := d.Get(&dbPassword, "SELECT password FROM users WHERE username = ?", username)
+ if err != nil {
+ return false
+ }
+ return dbPassword == password
+}
+
 // GetProjectsForUser retrieves all projects associated with a specific user.
 func (d *Db) GetProjectsForUser(username string) ([]types.Project, error) {
 var projects []types.Project
diff --git a/backend/internal/handlers/global_state.go b/backend/internal/handlers/global_state.go
index f7172f5..648b4ed 100644
--- a/backend/internal/handlers/global_state.go
+++ b/backend/internal/handlers/global_state.go
@@ -110,8 +110,7 @@ func (gs *GState) Login(c *fiber.Ctx) error {
 user := c.FormValue("user")
 pass := c.FormValue("pass")
- // Throws Unauthorized error
- if user != "user" || pass != "pass" {
+ if !gs.Db.CheckUser(user, pass) {
 return c.SendStatus(fiber.StatusUnauthorized)
 }
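Review bot: The new `CheckUser` line in the `Database` interface has no doc comment and does not say whether `password` is the plaintext as submitted or an already-hashed value, although the `AddUser` comment directly above it requires a hash. I would add a comment that fixes the contract, for example `// CheckUser reports whether password (plaintext, as submitted) matches the stored credential for username.`, or the opposite wording if callers are meant to hash first. Returning only `bool` also hides database failures: the implementation in the second db.go hunk returns `false` for every error from `d.Get`, so an unreachable or broken database looks like wrong credentials. A signature of `CheckUser(username string, password string) (bool, error)` would let the handler distinguish the two and log the failure.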
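Review bot: `return dbPassword == password` in `Db.CheckUser` compares the stored column to the argument with plain string equality, which only works when both sides are in the same representation. The `AddUser` comment in the interface says the password is hashed before it is stored, yet the `Login` hunk in global_state.go passes `c.FormValue("pass")` straight through, so either every login fails or the table holds plaintext passwords; this diff does not show which. The check should verify the submitted password with the same scheme used at registration. If that is a salted scheme such as bcrypt, use `bcrypt.CompareHashAndPassword([]byte(dbPassword), []byte(password)) == nil`. For a fixed digest, hash the input the same way and compare the two byte slices with `subtle.ConstantTimeCompare` instead of `==`.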