diff --git a/definitions/models.py b/definitions/models.py
index 01e370c..410b15e 100644
--- a/definitions/models.py
+++ b/definitions/models.py
@@ -2,10 +2,28 @@ from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import Enum, Integer, Float, String, Date, Column, Boolean
 from config import item_attributes, sql_conf
 from definitions.attributes import *
+from werkzeug.security import generate_password_hash, check_password_hash
 # Initialize SQLAlchemy
 db = SQLAlchemy()
+# Users table
+class User(db.Model):
+ """User model for authentication."""
+ __tablename__ = "users_test"
+
+ id = db.Column(db.Integer, primary_key=True)
+ username = db.Column(db.String(50), unique=True, nullable=False)
+ password_hash = db.Column(db.String(256), nullable=False) # Increase length to 256
+
+ def set_password(self, password: str) -> None:
+ """Hash the password and store it."""
+ self.password_hash = generate_password_hash(password)
+
+ def check_password(self, password: str) -> bool:
+ """Check if the provided password matches the stored hash."""
+ return check_password_hash(self.password_hash, password)
+
 # Mapping of attribute types to SQLAlchemy column types
 COLUMN_TYPE_MAPPING = {
 textAttribute: lambda attrib: String(attrib.max_length), # Map text attributes to String columns
diff --git a/routes/homepage.py b/routes/homepage.py
index 3a08e77..fb89d01 100644
--- a/routes/homepage.py
+++ b/routes/homepage.py
@@ -1,12 +1,8 @@
-# routes/homepage.py
 from flask import Blueprint, render_template, redirect, url_for, session, request, flash
+from definitions.models import db, User
 homepage_bp = Blueprint('homepage', __name__)
-# Hardcoded credentials for testing (replace with proper authentication in production)
-VALID_USERNAME = "admin"
-VALID_PASSWORD = "password"
-
 @homepage_bp.route('/')
 def index():
 # Redirect to /viewall if the user is already logged in
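Review bot: In `definitions/models.py`, `User.set_password` hashes any value it is handed, including an empty string, and calls `generate_password_hash(password)` with the library default, which has changed between Werkzeug releases, so the stored algorithm and work factor depend on the installed version. A guard such as `if not password: raise ValueError("password must not be empty")` and an explicit `method=` argument would make both choices deliberate. `__tablename__ = "users_test"` reads like a leftover test name and is worth confirming before real accounts are stored in it. The inline comment `# Increase length to 256` records an edit rather than a reason; something like `# sized to hold the full hash string, including the method and salt prefix` would tell the next reader why the column is that wide.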
@@ -25,8 +21,11 @@ def login():
 username = request.form['username']
 password = request.form['password']
- # Validate credentials (replace with proper authentication logic)
- if username == VALID_USERNAME and password == VALID_PASSWORD:
+ # Query the database for the user
+ user = User.query.filter_by(username=username).first()
+
+ # Validate credentials
+ if user and user.check_password(password):
 session['username'] = username # Store username in session
 return redirect(url_for('viewall.view_list'))
 else:
diff --git a/templates/login.html b/templates/login.html
index 6d322de..2af868c 100644
--- a/templates/login.html
+++ b/templates/login.html
@@ -13,6 +13,14 @@
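Review bot: In `login()` in `routes/homepage.py`, the `if user and user.check_password(password):` test skips hashing entirely when the username is unknown, so a failed login for a missing account likely returns noticeably faster than one for an existing account, and the response time can reveal which usernames exist. Running the check against a fixed placeholder hash when `user` is None keeps the work the same, e.g. `stored = user.password_hash if user else DUMMY_HASH` followed by `if check_password_hash(stored, password) and user:`, where `DUMMY_HASH` is a name made up for this note, a module constant computed once with `generate_password_hash`. The session line would also be safer as `session['username'] = user.username`, so the stored identity is the database value rather than the submitted form text; the two can differ if the column collation is case-insensitive. No attempt limiting or lockout is visible in this hunk, but `login()` starts before it and continues past it, so that may exist elsewhere.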
Inventory management system
+ {% with messages = get_flashed_messages(with_categories=true) %}
+ {% if messages %}
+ {% for category, message in messages %}
+