diff --git a/package.json b/package.json
index eb86a15..ddaae9f 100644
--- a/package.json
+++ b/package.json
@@ -44,6 +44,7 @@
 "@sveltejs/adapter-node": "^5.2.12",
 "@tailwindcss/forms": "^0.5.10",
 "autoprefixer": "^10.4.21",
+ "better-sqlite3": "^12.2.0",
 "crypto": "^1.0.1",
 "jsonwebtoken": "^9.0.2",
 "jssha": "^3.3.1",
diff --git a/src/init/init_db.js b/src/init/init_db.js
index fdf9caa..c47d240 100644
--- a/src/init/init_db.js
+++ b/src/init/init_db.js
@@ -1,42 +1,39 @@ -import sqlite3 from 'sqlite3'; +import Database from 'better-sqlite3'; import jsSHA from 'jssha'; -const db = new sqlite3.Database('./src/lib/data/tatort.db'); +const db = new Database('./src/lib/data/tatort.db'); -db.serialize(() => { - // users table +let create_stmt = `CREATE TABLE IF NOT EXISTS users + (id INTEGER PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + pw TEXT NOT NULL)`; +db.exec(create_stmt); - let create_stmt = `CREATE TABLE IF NOT EXISTS users - (id INTEGER PRIMARY KEY AUTOINCREMENT, - name TEXT NOT NULL, - pw TEXT NOT NULL)`; - db.run(create_stmt); +// check if there are any users; if not add one default admin one +let pw = 'pass-123'; +let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX'); - // check if there are any users; if not add one default admin one - let pw = 'pass-123'; - let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX'); +let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}' + WHERE NOT EXISTS (SELECT * FROM users);`; - let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}' - WHERE NOT EXISTS (SELECT * FROM users);`; +db.exec(check_ins_stmt); - db.run(check_ins_stmt); +let users_stmt = `SELECT * FROM USERS`; +const stmt = db.prepare(users_stmt); +for (const usr of stmt.iterate()) { + console.log(`xxx ${usr.name} + ${usr.pw}`) +}; - let users_stmt = `SELECT * FROM USERS`; - db.each(users_stmt, (err, row) => { - console.log(`xxx ${row.name} + ${row.pw}`) - }); +// cases table - // cases table +create_stmt = `CREATE TABLE IF NOT EXISTS cases + (id INTEGER PRIMARY KEY AUTOINCREMENT, + token TEXT NOT NULL UNIQUE, + name TEXT NOT NULL, + pw TEXT NOT NULL, + created_by INTEGER NOT NULL, + FOREIGN KEY(created_by) REFERENCES users(id))`; - create_stmt = `CREATE TABLE IF NOT EXISTS cases - (id INTEGER PRIMARY KEY AUTOINCREMENT, - token TEXT NOT NULL UNIQUE, - name TEXT NOT NULL, - pw TEXT NOT NULL, - created_by INTEGER NOT NULL, - 
FOREIGN KEY(created_by) REFERENCES users(id))`; - - db.run(create_stmt); -}); +db.exec(create_stmt); db.close(); diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 958bc6e..3582558 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -1,6 +1,12 @@ import jwt from 'jsonwebtoken'; +import jsSHA from 'jssha'; +import Database from 'better-sqlite3'; +import process from 'process'; import config from '$lib/config'; +// import db from '../init/init_db'; + +let db = new Database('./src/lib/data/tatort.db'); const SECRET = config.jwt.secret; const EXPIRES_IN = config.jwt.expiresIn; 
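Review bot: The `for (const usr of stmt.iterate())` loop carried over into the new code prints every user's name and stored password hash to stdout each time the init script runs; it looks like leftover debugging and should be removed or reduced to a row count. The seeded `admin` account also keeps the fixed password `pass-123`, hashed with a single unsalted SHA-512, so the stored value is identical on every install and cheap to guess offline. Consider reading the initial password from the environment and storing a salted, deliberately slow hash, for example Node's built-in `crypto.scryptSync` with a random per-user salt. Binding the value via `db.prepare(...).run('admin', hashed_pw)` with `?` placeholders, rather than interpolating `${hashed_pw}` into the SQL text, would match the parameterized query this commit adds in auth.ts.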
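Review bot: `new Database('./src/lib/data/tatort.db')` resolves the path against the process working directory, and better-sqlite3 creates an empty database file when none exists there, so a server started from another directory would fail later on a missing `users` table rather than at open. Passing `{ fileMustExist: true }` and taking the path from `config` (it is duplicated from init_db.js) makes that failure explicit: `const db = new Database(config.dbPath, { fileMustExist: true });`, where `dbPath` is a placeholder for a setting the visible code does not define. `import process from 'process';` is not used in the lines shown and `// import db from '../init/init_db';` is dead; both can be dropped if nothing outside the hunk needs them.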
@@ -16,14 +22,46 @@ export function decryptToken(token: string) { } export function authenticate(user, pass) { - let userData = null; + // let userData = null; - if (AUTH[user]) { - const { password, ...data } = AUTH[user]; - if (password && password === pass) userData = data; + // if (AUTH[user]) { + // const { password, ...data } = AUTH[user]; + // + // // fetch user password from db; + // db.get(get_usr_stmt, [user], (err, row) => { + // console.log(`[row] ${row.name} + ${row.pw}`); + // let stored_pw = row.pw; + // // hash user password + // let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); + // + // console.log(`+++ ${stored_pw} || ${hashed_pw} || ${pass}`); + // + // if (hashed_pw && hashed_pw === stored_pw) { + // console.log(`--- SUCCESS`); + // userData = data; + // } + // if (userData == null) return null; + // console.log(`^^^ ${userData}`); + // return createToken({ id: user, ...userData }); + // }); + // } + // + // if (userData == null) return null; + + let token; + + // hash user password + let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); + + let get_usr_stmt = 'SELECT name, pw FROM users WHERE name = ?'; + const row = db.prepare(get_usr_stmt).get(user); + let stored_pw = row.pw; + + console.log(`+++ ${pass} || ${stored_pw} || ${hashed_pw}`); + + if (hashed_pw && hashed_pw === stored_pw) { + token = createToken({ id: user, admin: true }); } - if (userData == null) return null; - - return createToken({ id: user, ...userData }); + return token; }
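Review bot: The added `console.log` in `authenticate` writes the submitted plaintext password (`pass`) together with the stored and computed hashes to the server log on every login attempt, and should be deleted rather than shipped as debugging output. `db.prepare(get_usr_stmt).get(user)` yields `undefined` for an unknown name, so `row.pw` throws instead of rejecting the login. Add `if (!row) return null;` before reading it and finish with `return token ?? null;`, so a failed login still returns `null` as the removed code did. Every successful login is also issued a token with `admin: true`, which looks like a placeholder; that claim should come from a stored per-user value. The commented-out previous implementation repeats the same credential logging and can be removed, since the history keeps it.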