diff --git a/api/routes/user.js b/api/routes/user.js
index 3cc228f..88af292 100644
--- a/api/routes/user.js
+++ b/api/routes/user.js
@@ -1,6 +1,7 @@
 const express = require("express");
 const router = express.Router();
 const jwt = require("jsonwebtoken");
+const bcrypt = require("bcrypt");
 const db = require("../../config/db");
 // User login endpoint
@@ -12,7 +13,7 @@ router.post("/login", (req, res) => {
 }
 const sql = "SELECT * FROM tbl_user WHERE username = ?";
- db.query(sql, [username], (err, results) => {
+ db.query(sql, [username], async (err, results) => {
 if (err) {
 console.error(err);
 return res.status(500).send("Server error");
@@ -24,10 +25,14 @@ router.post("/login", (req, res) => {
 const user = results[0];
- if (password === user.password) {
+ // Compare provided password with the hashed password in the database
+ const isMatch = await bcrypt.compare(password, user.password);
+
+ if (isMatch) {
 let jwtSecretKey = process.env.JWT_SECRET_KEY || "defaultSecretKey";
 let data = { userId: user.id, username: user.username };
+ // Create JWT token
 const token = jwt.sign(data, jwtSecretKey, { expiresIn: "1d" });
 return res.json({ token });
 } else {
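Review bot: Nothing visible catches a rejection from the now-`async` `db.query` callback in the second hunk, so if the `await bcrypt.compare(...)` added in the third hunk fails, the request gets no response and the process sees an unhandled rejection. The bcrypt package rejects when the stored value is missing or not a string (for example a NULL `password` column), so this is reachable from data alone. Wrap the comparison and reuse the existing error path: `let isMatch; try { isMatch = await bcrypt.compare(password, user.password); } catch (e) { console.error(e); return res.status(500).send("Server error"); }`. The callback body starts and ends outside these hunks.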
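Review bot: The `|| "defaultSecretKey"` fallback on the `jwtSecretKey` line, directly under the new `if (isMatch)` in the third hunk, means tokens are signed with a key published in the repository whenever `JWT_SECRET_KEY` is unset, which undoes the benefit of hashing the passwords. Fail closed instead: `const jwtSecretKey = process.env.JWT_SECRET_KEY; if (!jwtSecretKey) return res.status(500).send("Server error");`, or better, refuse to start the server without it. Separately, `bcrypt.compare` returns false for any row that still holds a plaintext password, so existing accounts presumably need a migration or forced reset that this diff does not show. The `else` branch continues outside the hunk.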