diff --git a/cmd/web/handlers.go b/cmd/web/handlers.go
index 6ce3371..e10c947 100644
--- a/cmd/web/handlers.go
+++ b/cmd/web/handlers.go
@@ -230,7 +230,19 @@ func registerUserHandler(w http.ResponseWriter, r *http.Request, db *pgxpool.Poo
 		confirmedPassword := r.FormValue("confirm-password")
 
 		// Save the task to the database
-		addUser(email, password, confirmedPassword, db)
+		err := addUser(email, password, confirmedPassword, db)
+		if err != nil {
+			tmpl, err := template.ParseFiles("./ui/html/signup-form-error.html")
+			if err != nil {
+				http.Error(w, "Error loading template: "+err.Error(), http.StatusInternalServerError)
+				return
+			}
+			// parse template to display tasks
+			err = tmpl.Execute(w, nil)
+			if err != nil {
+				http.Error(w, "Error rendering template: "+err.Error(), http.StatusInternalServerError)
+			}
+		}
 	}
 }
 
diff --git a/cmd/web/helpers.go b/cmd/web/helpers.go
index af147ca..76acc04 100644
--- a/cmd/web/helpers.go
+++ b/cmd/web/helpers.go
@@ -44,19 +44,34 @@ func moveTask(taskID string, stage string, db *pgxpool.Pool) error {
 	return nil
 }
 
-func authorize(r *http.Request) error {
+func authorize(r *http.Request, db *pgxpool.Pool) error {
 	st, err := r.Cookie("session_token")
-	if err != nil || st.Value == "" || !tokenExists(st.Value) {
+	if err != nil || st.Value == "" || !tokenExists(st.Value, db) {
 		return errors.New("Unauthroized")
 	}
 	csrf := r.Header.Get("X-CSRF-Token")
-	if csrf != lookupCSRF(st.Value) || csrf == "" {
+	if csrf != lookupCSRF(st.Value, db) || csrf == "" {
 		return errors.New("Unauthroized")
 	}
 	return nil
 }
 
 func addUser(email string, password string, confirmedPassword string, db *pgxpool.Pool) error {
+	if password != confirmedPassword {
+		return errors.New("passwords do not match")
+	}
+	passwordHash, err := hashPassword(password)
+	if err != nil {
+		log.Println("error hashing password", err)
+		return err
+	}
+	stmt := "INSERT INTO users (email, password_hash) VALUES ($1, $2);"
+	_, err = db.Exec(context.Background(), stmt, email, passwordHash)
+	if err != nil {
+		log.Println("Error adding User", err)
+		return err
+	}
+
 	return nil
 }
 
@@ -64,7 +79,7 @@ func loginUser(w http.ResponseWriter, email string, password string, db *pgxpool
 	stmt := "SELECT password_hash FROM users WHERE email = $1;"
 	row := db.QueryRow(context.Background(), stmt, email)
 	var hash string
-	err := row.Scan(hash)
+	err := row.Scan(&hash)
 	// functionality to search for user in database := user, found
 	if err != nil || checkPasswordHash(password, hash) {
 		log.Println("loging unsuccesful:", err)
@@ -114,10 +129,18 @@ func generateToken(length int) string {
 	return base64.URLEncoding.EncodeToString(bytes)
 }
 
-func tokenExists(sessionToken string) bool {
-	return false
+func tokenExists(sessionToken string, db *pgxpool.Pool) bool {
+	var count int
+	stmt := "SELECT session_token FROM users WHERE session_token = $1;"
+	err := db.QueryRow(context.Background(), stmt, sessionToken).Scan(&count)
+	return err == nil
 }
 
-func lookupCSRF(sessionToken string) string {
-	return ""
+func lookupCSRF(sessionToken string, db *pgxpool.Pool) string {
+	stmt := "SELECT csrf_token FROM users WHERE session_token = $1;"
+	row := db.QueryRow(context.Background(), stmt, sessionToken)
+	var csrfToken string
+	row.Scan(&csrfToken)
+
+	return csrfToken
 }
diff --git a/ui/html/signup-form-error.html b/ui/html/signup-form-error.html
new file mode 100644
index 0000000..5b8eeb0
--- /dev/null
+++ b/ui/html/signup-form-error.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
+  <link rel="stylesheet" href="/static/css/base.css">
+  <script src="https://unpkg.com/htmx.org"></script>
+  <title>do now</title>
+</head>
+
+<body>
+  <div class="topnav">
+    <div class="logo">
+      <a href="/"><b>do now</b></a>
+     </div>
+    <div class="links">
+      <a class="active" href="#tasks"><i class="fa fa-tasks" style="font-size:24px"></i></a>
+      <a href="#timer"><i class="fa fa-clock-o" style="font-size:24px"></i></a>
+      <a href="#account"><i class="fa fa-user" style="font-size:24px"></i></a>
+      <a href="#settings"><i class="fa fa-gear" style="font-size:24px"></i></a>
+      <a href="login"><i class="fa fa-sign-in" style="font-size:24px"></i></a>
+
+    </div>
+  </div>
+<div class="main">
+    <form hx-post="/register" 
+        hx-swap="none" 
+        hx-on::after-request="window.location.href = '/'">>
+
+        <label for="email">Email:</label>
+        <input type="text" id="email" name="email" placeholder="Enter your email" required>
+
+        <label for="password">Password:</label>
+        <input type="text" id="password" name="password" placeholder="Enter a password" required>
+
+        <label for="confirm-password">Password:</label>
+        <input type="text" id="confirm-password" name="confirm-password" placeholder="Confirm password" required>
+
+        <button type="submit">log in</button>
+    </form>
+    <div>
+        <p style="color:red;">
+            PASSWORDS MUST MATCH
+        </p>
+    </div>
+    <a href="#">Close</a>
+</div>