diff --git a/config/supervisord.conf b/config/supervisord.conf index c7fc992..c036691 100644 --- a/config/supervisord.conf +++ b/config/supervisord.conf @@ -8,5 +8,3 @@ autorestart=true [program:apache2] command=/usr/sbin/apache2ctl -D FOREGROUND autorestart=true - -# [program:mysql-server] diff --git a/docker/Dockerfile b/docker/Dockerfile index c2f75b9..6e3fa21 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,9 @@ FROM ubuntu:24.04 ENV DEBIAN_FRONTEND=noninteractive +ENV MYSQL_ROOT_PASSWORD=39gknzLD +ENV MYSQL_DATABASE=app + RUN apt update && apt upgrade -y && \ apt install -y \ @@ -10,7 +13,6 @@ RUN apt update && apt upgrade -y && \ vim \ supervisor \ openssh-server \ - mysql-server \ sudo \ cowsay \ php \ @@ -59,7 +61,6 @@ RUN chown l33t:l33t /home/l33t/user.txt COPY ./flags/root.txt /root/ RUN chown root:root /root/root.txt - # 22 port -> ssh, 31337 port (suggestion) -> vulnerable webserver players need to find using nmap port scans EXPOSE 22 diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 8d69532..0084616 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,10 +1,24 @@ services: + db: + image: mysql:8.1 + environment: + MYSQL_ROOT_PASSWORD: 39gknzLD + MYSQL_DATABASE: app + volumes: + - $PWD/config/base.sql:/docker-entrypoint-initdb.d/base.sql:ro + ports: + - "3306:3306" app: hostname: srv1prod build: context: .. dockerfile: docker/Dockerfile container_name: "ji-ctf-dockerized" + environment: + MYSQL_ROOT_PASSWORD: 39gknzLD + MYSQL_DATABASE: app ports: - "22:22" - - "31337:31337" \ No newline at end of file + - "31337:31337" + depends_on: + - db \ No newline at end of file diff --git a/www/login.php b/www/login.php index 4947bec..9444356 100644 --- a/www/login.php +++ b/www/login.php 
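Review bot: `ENV MYSQL_ROOT_PASSWORD=39gknzLD` in the first Dockerfile hunk stores the database root password in the image metadata, where `docker history` or `docker inspect` shows it to anyone who obtains the image. Nothing visible in this commit reads these variables inside the image (login.php hard-codes its own credentials), and the compose file already sets the same `environment:` for `app`, so the two `ENV` lines look droppable. If the app does need the value, supply it at run time from an untracked `.env` file rather than from the Dockerfile.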
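Review bot: The new `db` service publishes `"3306:3306"` on every host interface while its root password is committed in this same file, so anyone who can reach the host can log in to MySQL directly, bypassing the web challenge. `app` reaches the database over the compose network by service name (login.php connects to `db`), so the `ports:` entry can be dropped, or narrowed to `"127.0.0.1:3306:3306"` if host access is wanted for debugging. The password is repeated in several places in this commit; `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}` with an untracked `.env` would keep it in one. `depends_on` only orders container start and does not wait for MySQL to accept connections, so early logins may fail unless a healthcheck and `condition: service_healthy` are added.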
@@ -26,15 +26,27 @@ // add sqli vulnerable login functionnality // ?? // profit - if (! empty($_POST)) { - $name = $_POST['username']; - $password = $_POST['password']; - if (empty($name)) { - echo "Username is empty"; + $servername = "db"; + $username = "root"; + $password = "39gknzLD"; + + $conn = new mysqli($servername, $username, $password); + + if (! empty($_POST)) { + $name = $_POST['username']; + $password = $_POST['password']; + if (empty($name)) { + echo "Username is empty."; + } else { + $sql = 'SELECT username,pass FROM users WHERE username=' . $name . ' AND pass=' . $password; // sqli here + $result = $conn->query($sql); + if ($result->num_rows > 0) { + echo "CONNECTED" // do redirect to upload page } else { - echo $name; + echo "Wrong username or password !"; } } + } ?> \ No newline at end of file diff --git a/www/upload.php b/www/upload.php new file mode 100644 index 0000000..e69de29
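Review bot: The added `echo "CONNECTED" // do redirect to upload page` has no terminating semicolon, so the page fails to parse and the login never runs; it should read `echo "CONNECTED"; // do redirect to upload page`. The connection is opened without a schema, so `users` will not resolve unless a default database is chosen elsewhere; `new mysqli($servername, $username, $password, "app")` matches the `MYSQL_DATABASE` value in the compose file. `$conn->query($sql)` returns false (or throws, depending on the mysqli report mode) when the statement is malformed, and `$result->num_rows` is then read without a check. Since the injection is deliberate, connecting as `root` gives it full server privileges; a dedicated account with SELECT on the `users` table only would keep the challenge within its intended scope. The PHP block opens above this hunk, so any earlier setup is not visible here.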