diff --git a/route_handlers.go b/route_handlers.go
index 3667843..169052d 100644
--- a/route_handlers.go
+++ b/route_handlers.go
@@ -53,6 +53,14 @@ func getPostHandler(getFn, postFn func(http.ResponseWriter, *http.Request)) func
 }
 }
+func ShowTemplate(template string, w http.ResponseWriter, r *http.Request, user *user.User) {
+err := templates[template].Execute(w, map[string]interface{}{"user": user})
+ if err != nil {
+ fmt.Println("Exec err: ", err)
+ }
+ // TODO: show error 500 page
+}
+
 // Log in page handler
 func LoginFormHandler(w http.ResponseWriter, r *http.Request) {
 session, _ := store.Get(r, "c_user")
@@ -78,19 +86,22 @@ func LoginPostHandler(w http.ResponseWriter, r *http.Request) {
 session, _ := store.Get(r, "c_user")
 session.Values["username"] = user.Username
 session.Save(r, w)
- http.Redirect(w, r, "/home", http.StatusFound) // TODO: $GET['redirect']
+ if r.URL.Query().Get("url") != "" {
+ http.Redirect(w, r, "/add?" + r.URL.RawQuery, http.StatusFound)
+ }
+ http.Redirect(w, r, "/", http.StatusFound)
 } else {
 time.Sleep(500 * time.Millisecond) // WEAK bypassable poor mans rate limiting for failed logins
 session, _ := store.Get(r, "c_user")
 session.AddFlash("Username or password", flash_err)
 session.Save(r, w)
- http.Redirect(w, r, "/login", http.StatusFound)
+ http.Redirect(w, r, "/login?"+r.URL.RawQuery, http.StatusFound)
 }
 }
-
+// ?url=
 func addFormHandler(w http.ResponseWriter, r *http.Request, user *user.User) {
-
+ ShowTemplate("add", w, r, user)
 }
 func addPostHandler(w http.ResponseWriter, r *http.Request, user *user.User) {
diff --git a/templates/pages/add.html b/templates/pages/add.html
new file mode 100644
index 0000000..dbff2af
--- /dev/null
+++ b/templates/pages/add.html
@@ -0,0 +1,14 @@
+{{define "body"}}
+
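Review bot: `ShowTemplate` indexes `templates[template]` without checking that the name exists, so an unknown name would presumably call `Execute` on a nil entry and panic the handler (the map's declaration is not visible in this hunk). Execution also writes straight into `w`, so when it fails midway the client has already received part of a 200 response and the `// TODO: show error 500 page` can no longer be honoured. Look the template up with the two-value form, render into a `bytes.Buffer`, and copy it to `w` only on success; this needs the `bytes` import. The parameter name `template` would also shadow the template package inside the function if this file imports it.

```go
func ShowTemplate(template string, w http.ResponseWriter, r *http.Request, user *user.User) {
	t, ok := templates[template]
	if !ok {
		fmt.Println("Exec err: unknown template", template)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}
	// Render off to the side so a failure never leaks a half-written page.
	var buf bytes.Buffer
	if err := t.Execute(&buf, map[string]interface{}{"user": user}); err != nil {
		fmt.Println("Exec err: ", err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}
	if _, err := buf.WriteTo(w); err != nil {
		fmt.Println("Write err: ", err)
	}
}
```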
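Review bot: The success branch of `LoginPostHandler` has no `return` after `http.Redirect(w, r, "/add?" + r.URL.RawQuery, http.StatusFound)`, so when `url` is set the handler falls through and calls `http.Redirect(w, r, "/", http.StatusFound)` on a response whose header is already written. Add `return` inside the `if`, or move the second redirect into an `else`. The raw query string is also copied verbatim into both `Location` values, and the failed-login redirect appends `?` even when the query is empty; the path stays fixed, so this is not an open redirect, but `/add` has to treat `url` as untrusted input. The errors from `store.Get` and `session.Save` are discarded on this path, so a session that failed to persist still produces a redirect as if login had succeeded. The function starts outside the hunk.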

Add Link

+{{template "flashes" .}} +
+
+
Link:
+
Title:
+
Path:
+
Description:
+
+
+ +
+{{end}}
diff --git a/user/user.go b/user/user.go
index 719371f..f082edc 100644
--- a/user/user.go
+++ b/user/user.go
@@ -25,7 +25,7 @@ func UsernameExists(db *sql.DB, username string) (bool, error) {
 func NewUserFromAuth(db *sql.DB, username, password string) *User {
 fmt.Println("NewUserFromAuth:", username, ":", password)
- rows, err := db.Query("SELECT username FROM users WHERE username = $1 AND password = crypt($2 ,gen_salt('bf'));", username, password)
+ rows, err := db.Query("SELECT username FROM users WHERE username = $1 AND password IS NOT NULL AND password = crypt($2 , password);", username, password)
 if err != nil {
 fmt.Println("Username or auth fail: ", err)
 return nil
@@ -37,6 +37,7 @@ func NewUserFromAuth(db *sql.DB, username, password string) *User {
 fmt.Println("scan err: ", err)
 }
 } else {
+ fmt.Println("no match")
 return nil
 }
 return &user
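Review bot: The context line `fmt.Println("NewUserFromAuth:", username, ":", password)` writes every submitted plaintext password to stdout, and this commit leaves it in place while correcting the `crypt` comparison. Whatever collects the process output then holds credentials for successful and mistyped logins alike. Drop the password from the call, for example `fmt.Println("NewUserFromAuth:", username)`, or remove the line entirely. The function body continues outside the hunk, so whether `rows` is closed on every path cannot be confirmed from here.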
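Review bot: A failed `rows.Scan` only prints `scan err` and then falls through to `return &user`, so `NewUserFromAuth` returns a non-nil user after an error. The login handler changed in this same commit appears to treat a non-nil result as a successful authentication and stores `user.Username` in the session, which makes this path fail open. Add `return nil` directly after `fmt.Println("scan err: ", err)`. The enclosing `if` starts outside the hunk, so its condition is inferred from the message; the added `fmt.Println("no match")` is debug output that would be better sent through a logger.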