# Login Credentials

## Active Users

All passwords have been properly hashed with bcrypt and stored securely in the database.

### Users

1. **hop**
   - Username: `hop`
   - Password: `hopmusic2025`
   - Status: ✅ Active

2. **Kristen**
   - Username: `Kristen` (case-insensitive)
   - Password: `kristen2025`
   - Status: ✅ Active

3. **Camilah**
   - Username: `Camilah` (case-insensitive)
   - Password: `camilah2025`
   - Status: ✅ Active

4. **worship-leader**
   - Username: `worship-leader`
   - Password: `worship2025`
   - Status: ✅ Active

## Login Instructions

1. Navigate to: `http://localhost:5100` or your domain
2. Enter your username (case doesn't matter)
3. Enter your password
4. Press **Enter** or click **Sign In**

## Biometric Authentication

Users can enable biometric authentication (Face ID, Touch ID, or Fingerprint) through the admin panel:

1. Admin logs in
2. Goes to Admin → Users
3. Clicks Edit on a user
4. Clicks "Enable Biometric"
5. Device prompts for biometric setup
6. User can now log in with biometric

## Technical Details

- All passwords are hashed with bcrypt (10 rounds)
- JWT tokens expire after 7 days
- Case-insensitive username matching
- Enter key works for form submission
- Biometric credentials stored securely in database

## Testing Performed

All four users tested successfully via API:

```bash
✅ hop - Login successful
✅ Kristen - Login successful  
✅ Camilah - Login successful
✅ worship-leader - Login successful
```

## Servers Running

- Frontend (Vite): <http://localhost:5100>
- Backend (Node.js): <http://localhost:8080>
- Database: PostgreSQL (church_songlyric)

---

Last Updated: January 25, 2026