diff --git a/http/http.go b/http/http.go
index 77e71d7..1547a03 100644
--- a/http/http.go
+++ b/http/http.go
@@ -107,12 +107,18 @@ func (h *Handler) loginPost(c *gin.Context) {
 username, _ := c.GetPostForm("username")
 password, _ := c.GetPostForm("password")
- if username != "jan" || password != "passwort" {
+ user, err := h.UserService.UserByUsername(username)
+ if err != nil {
 c.AbortWithStatus(http.StatusUnauthorized)
 return
 }
- t, err := h.TokenVerifier.CreateToken(username, "Jan Bader")
+ if password != user.Password {
+ c.AbortWithStatus(http.StatusUnauthorized)
+ return
+ }
+
+ t, err := h.TokenVerifier.CreateToken(user.Email, user.Name)
 if err != nil {
 c.AbortWithStatus(http.StatusUnauthorized)
 }
diff --git a/postgres/userservice.go b/postgres/userservice.go
index 8a78084..9d11926 100644
--- a/postgres/userservice.go
+++ b/postgres/userservice.go
@@ -21,6 +21,19 @@ func (s *UserService) User(id budgeteer.ID) (*budgeteer.User, error) {
 return u, nil
 }
+// UserByUsername returns a user for a given username.
+func (s *UserService) UserByUsername(username string) (*budgeteer.User, error) {
+ u := &budgeteer.User{Email: username}
+ err := s.DB.Model(&u).
+ Where("email = ?", username).
+ Limit(1).
+ Select()
+ if err != nil {
+ return nil, err
+ }
+ return u, nil
+}
+
 // CreateUser saves a user to the DB
 func (s *UserService) CreateUser(user *budgeteer.User) error {
 user.ID = s.IDGenerator.New()
diff --git a/user.go b/user.go
index e239545..37ce172 100644
--- a/user.go
+++ b/user.go
@@ -11,6 +11,7 @@ type User struct {
 // UserService provides Methods for CRUD of Users
 type UserService interface {
 User(id ID) (*User, error)
+ UserByUsername(username string) (*User, error)
 //Users() ([]*User, error)
 CreateUser(u *User) error
 //DeleteUser(id int) error
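Review bot: In http/http.go, the new check `if password != user.Password {` in loginPost compares the submitted password directly with the stored field, which can only succeed if passwords are kept in plaintext, and `!=` on strings is not a constant-time comparison. Store a password hash instead and verify against it, for example `if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) != nil {` from golang.org/x/crypto/bcrypt, with CreateUser hashing on write (that change is not part of this diff). The lookup-failure branch returns before any password work, so once hashing is in place unknown and known usernames will differ in response time; verifying against a fixed dummy hash on that path evens it out. The unchanged `if err != nil` after CreateToken aborts without a `return`, and the rest of loginPost is outside the hunk, so it is worth confirming that nothing below it uses `t` on the failure path.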
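Review bot: In postgres/userservice.go, UserByUsername passes `&u` to `Model` although `u` is already a `*budgeteer.User`, so the ORM receives a `**budgeteer.User`; `s.DB.Model(u)` is probably what was intended and should match how `User(id)` does it (its body is outside the hunk). Because the query uses `Limit(1)`, a non-unique `email` column would make login resolve to whichever row is returned first, so the column should carry a unique constraint, which this diff does not show. The error is returned as-is and loginPost maps every error to 401, so a database failure is indistinguishable from an unknown user and leaves no trace; returning a distinguishable not-found error and logging the rest would keep outages visible. The doc comment says "username" while the lookup is on `email`; something like `// UserByUsername looks a user up by e-mail address, which serves as the login name.` would state that explicitly.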