diff --git a/.gitignore b/.gitignore
index 9a30b15..c5ff331 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 node_modules/
 package-lock.json
-.env
\ No newline at end of file
+.env
+yarn.lock
\ No newline at end of file
diff --git a/package.json b/package.json
index a02486f..48a2299 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,9 @@
 "description": "",
 "main": "src/index.js",
 "scripts": {
- "start": "node src/index.js"
+ "start": "node src/index.js",
+ "adduser": "python script/adduser.py",
+ "build": "babel src -d lib"
 },
 "author": "unurled",
 "license": "ISC",
@@ -16,7 +18,8 @@
 "mongoose": "^6.1.8",
 "passport": "^0.5.2",
 "passport-gitlab2": "^5.0.0",
- "passport-local": "^1.0.0"
+ "passport-local": "^1.0.0",
+ "xxhashjs": "^0.2.2"
 },
 "devDependencies": {
 "tailwindcss": "^3.0.16"
diff --git a/script/adduser.py b/script/adduser.py
new file mode 100644
index 0000000..f29c1f2
--- /dev/null
+++ b/script/adduser.py
@@ -0,0 +1,24 @@
+import collections
+from pymongo import MongoClient
+from dotenv import load_dotenv
+from os import getenv
+import xxhash
+import getpass
+
+load_dotenv()
+client=MongoClient(getenv("MONGO"))
+db = client.get_database(getenv("DB"))
+
+def add_user():
+ username = input('username ? ')
+ password = getpass.getpass('password ? ')
+ pass_retry = getpass.getpass('Re-type your password ? ')
+ if password != pass_retry:
+ print("not correct password.")
+ add_user()
+ hashed_pass = xxhash.xxh64(password, 5).hexdigest()
+ collection = db["users"]
+ print(f"username: {username}, password: {hashed_pass}")
+ collection.update_one({ "name": username}, { "$set": {"pass": hashed_pass}})
+
+add_user()
\ No newline at end of file
diff --git a/src/login.js b/src/login.js
index c122a2a..362f308 100644
--- a/src/login.js
+++ b/src/login.js
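Review bot: Adding `yarn.lock` to .gitignore next to the already ignored `package-lock.json` leaves the repository with no committed lockfile, so every install resolves the `^` ranges in package.json afresh and the dependency tree that was actually tested is not recorded. Committing one lockfile, and ignoring only the other package manager's, keeps installs reproducible and makes an unexpected dependency change visible in review.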
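Review bot: In script/adduser.py, `xxhash.xxh64(password, 5)` stores each password as an unsalted 64-bit non-cryptographic hash with a fixed seed, so anyone who obtains the `users` collection can test guesses offline at very high speed, and equal passwords give equal hashes; src/login.js uses the same scheme in `XXH.h64(request.body.password, 5)`. A password hashing function with a per-user random salt (for example `hashlib.scrypt` here, with a matching bcrypt/scrypt/Argon2 check on the Node side) should replace it in both files together. Separately, the mismatch branch calls `add_user()` without returning, so once the retry finishes the outer call carries on and stores the first, mistyped password; `return add_user()` fixes that. The `print` of `hashed_pass` also leaves the stored credential in terminal scrollback and can be dropped. `update_one` without `upsert=True` appears to do nothing when the name does not exist yet, which is worth confirming for a script named adduser.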
@@ -2,23 +2,11 @@ const User = require('./model/user'); const express = require('express') const router = express.Router() - -const cyrb53 = function(str, seed = 0) { - let h1 = 0xdeadbeef ^ seed, h2 = 0x41c6ce57 ^ seed; - for (let i = 0, ch; i < str.length; i++) { - ch = str.charCodeAt(i); - h1 = Math.imul(h1 ^ ch, 2654435761); - h2 = Math.imul(h2 ^ ch, 1597334677); - } - h1 = Math.imul(h1 ^ (h1>>>16), 2246822507) ^ Math.imul(h2 ^ (h2>>>13), 3266489909); - h2 = Math.imul(h2 ^ (h2>>>16), 2246822507) ^ Math.imul(h1 ^ (h1>>>13), 3266489909); - return 4294967296 * (2097151 & h2) + (h1>>>0); -}; - +const XXH = require('xxhashjs'); router.post('/auth', function(request, response) { var username = request.body.username; - var password = cyrb53(request.body.password, 5).toString(); + var password = XXH.h64(request.body.password, 5).toString(16); if (username && password) { let user = User.findOne({ name: username, pass: password diff --git a/src/text.js b/src/text.js index dc2f4bd..ff9d9f0 100644 --- a/src/text.js +++ b/src/text.js @@ -1,21 +1,21 @@ +require('dotenv').config() const express = require('express') const router = express.Router() const User = require('./model/user'); router.get('/', function(request, response) { - let username = 'unurled'; - console.log(username) - let user = User.findOne( - {user: username}, function(err, results) { - console.log("updated, ") - console.log(results.text) - if (results.text.length > 0) { - response.send('{"text": "' + results.text + '"}') + let username = ""; + console.log(username); + User.find({}, function(err, res) { + console.log("updated, ") + console.log(res[0].text) + if (res[0].text.length > 0) { + response.send('{"text": "' + res[0].text + '"}') //response.sendFile(path.join(__dirname + `/public/index.html`)) } else { response.send('Incorrect Username and/or Password!'); - } + } }); });
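Review bot: The new `XXH.h64(request.body.password, 5).toString(16)` in src/login.js runs before the `if (username && password)` guard, so the guard tests the hex string of the hash rather than whether a password was submitted, and a missing or non-string `password` reaches the hash call unchecked. Checking `typeof request.body.password === 'string'` before hashing, and the same for `username`, which is passed to `User.findOne` as received, would restore the intent of the guard. It is also worth confirming that `toString(16)` produces the same zero-padded 16-character form as Python's `hexdigest()` in script/adduser.py; if it does not pad, accounts whose hash begins with a zero would never match. The `/auth` handler continues past the end of the hunk.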
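Review bot: The callback in the `/` handler of src/text.js ignores `err` and dereferences `res[0].text` directly, so a database error or an empty `users` collection throws inside the callback instead of producing a response; a guard such as `if (err || !res.length) return response.sendStatus(500);` before the first use of `res[0]` covers both. The body is still assembled by concatenation, `'{"text": "' + res[0].text + '"}'`, which is invalid JSON as soon as the text contains a quote or backslash, whereas `response.json({ text: res[0].text })` does the escaping. `User.find({})` also loads every user document, `pass` field included, to read one value, so `User.findOne({}, 'text', ...)` would be the narrower query. The leftover `let username = ""; console.log(username);` can be removed.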