diff --git a/app.rb b/app.rb index 8c1902b..0343cf6 100644 --- a/app.rb +++ b/app.rb @@ -4,6 +4,10 @@ require 'sinatra-websocket' require 'active_support' require 'active_support/core_ext' +require 'sqlite3' +require 'active_record' +require 'json' +require 'openssl' require 'logger' enable :sessions @@ -17,6 +21,18 @@ logger = Logger.new(STDOUT) +ActiveRecord::Base.establish_connection( + adapter: 'sqlite3', + database: './db/accounts.db' +) + +after do + ActiveRecord::Base.connection.close +end + +class User < ActiveRecord::Base +end + get '/' do if session[:team].blank? #チームがsetされていないときに選択画面に遷移する erb :select @@ -98,15 +114,54 @@ end get '/controller' do #出題者が操作するページ - session[:admin]=8804912 - pushed=Array.new - settings.flags.sort_by{|key,value| value}.each do |key, value| - if value==0 - next + if session[:admin].blank? + erb :login + elsif session[:admin]==8804912 + pushed=Array.new + settings.flags.sort_by{|key,value| value}.each do |key, value| + if value==0 + next + else + pushed.push("
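Review bot: `database: './db/accounts.db'` in the `establish_connection` call is resolved against the process working directory, and the sqlite3 adapter creates an empty database file when the path does not exist, so launching the app from another directory silently yields an empty accounts table instead of a startup error; anchor it to the file with `database: File.join(__dir__, 'db', 'accounts.db')`. The `after` hook calls `ActiveRecord::Base.connection.close`; `connection` first checks a connection out if the request did not use one, so it would be clearer to release whatever the request holds with `ActiveRecord::Base.clear_active_connections!`, though either form appears functional. `class User < ActiveRecord::Base` is declared with no validations or attribute documentation; a short comment naming the columns the `/check` route reads (`user_id`, `salt`, `password_digest`) would help the next reader, since the schema is not part of this diff.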
  • チーム#{key}
  • ") + end + end + @pushed=pushed.join("\n") + erb :controller + end +end + +post '/check' do + if params[:user_id] + user_id = params[:user_id] + session[:user_id] = user_id + user=User.find_by(user_id: user_id) + salt = [OpenSSL::Random.random_bytes(32)].pack("m").chomp! + session[:salt]=salt + logger.debug(salt) + if user.blank? + {nounce: user.salt, salt: salt}.to_json else - pushed.push("
  • チーム#{key}
  • ") + salt_dummy = [OpenSSL::Random.random_bytes(32)].pack("m").chomp! + {nounce: salt_dummy, salt: salt}.to_json + end + elsif params[:password] + password = params[:password] + user=User.find_by(user_id: session[:user_id]) + if user.blank? + return + end + payload = user.password_digest + hmac = OpenSSL::HMAC.hexdigest('sha256', session[:salt], payload) + logger.debug(hmac) + payload2 = hmac + logger.debug(params[:salt]) + hmac2 = OpenSSL::HMAC.hexdigest('sha256', params[:salt], payload2) + logger.debug(hmac2) + if password == hmac2 + session[:admin]=8804912 + return + else + return end end - @pushed=pushed.join("\n") - erb :controller end