diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 1468520..ad5c78c 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -8,7 +8,7 @@ use CodeIgniter\Filters\DebugToolbar;
 use CodeIgniter\Filters\Honeypot;
 use CodeIgniter\Filters\InvalidChars;
 use CodeIgniter\Filters\SecureHeaders;
-
+use App\Filters\Cors;
 class Filters extends BaseConfig
 {
     /**
@@ -23,6 +23,7 @@ class Filters extends BaseConfig
         'honeypot'      => Honeypot::class,
         'invalidchars'  => InvalidChars::class,
         'secureheaders' => SecureHeaders::class,
+        'cors'     => Cors::class, 
     ];
 
     /**
@@ -36,6 +37,7 @@ class Filters extends BaseConfig
             // 'honeypot',
             // 'csrf',
             // 'invalidchars',
+            'cors'
         ],
         'after' => [
             'toolbar',
diff --git a/app/Controllers/Myfituser.php b/app/Controllers/Myfituser.php
index d741a1b..07fcdcd 100644
--- a/app/Controllers/Myfituser.php
+++ b/app/Controllers/Myfituser.php
@@ -32,10 +32,11 @@ class Myfituser extends BaseController
 
     public function users()
     {
-        header('Access-Control-Allow-Origin: * ');
+        
+        header('Access-Control-Allow-Origin: *');
         //header("Access-Control-Allow-Origin: http://localhost:9057 ");
         header('Access-Control-Expose-Headers: Access-Control-Allow-Origin');
-        header('Access-Control-Allow-Credentials: true ');
+        //header('Access-Control-Allow-Credentials: true ');
         //header("Access-Control-Allow-Headers: Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
         header('Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS');
         header('Content-type: application/json');
@@ -52,24 +53,42 @@ class Myfituser extends BaseController
             'login' => ['POST'],
         ];
 
-       // $raw_array = [];
+        $res1 = [];
         if (array_key_exists($endpoint, $endpoints)) {
         } else {
             http_response_code(404);
             // tell the user product does not exist
-            echo json_encode(['message' => 'Enpoint not found.']);
+            echo json_encode(['message' => 'Endpoint not found.']);
         }
         //  echo "EXYTACT INPUT DATA HERE";
         $raw_json = file_get_contents('php://input');
         $raw_array = json_decode($raw_json, true);
 
+        switch ($endpoint) {
+            case "login":
+                $userAccess = new \App\Models\userAccess();
+                $res1 = $userAccess->startLogin($raw_array);
+                break;
+            case "createuser":
+                $res= $this->dummyData($raw_array);
+                break;
+            case 2:
+                echo "i equals 2";
+                break;
+        }
+
 
-        $userAccess = new \App\Models\userAccess();
-        $res1 = $userAccess->startLogin($raw_array);
 
         return $this->response->setJson($res1);
     }
 
+    //this is dummy function to establish the endpoints before real implementations 
+    private function dummyData($raw_array){
+        return [
+            'msg'=> 'Not implemented yet',
+            'raw_data' => $raw_array
+        ];
+    }
     public function blogdata()
     {
         /*  header("Access-Control-Allow-Origin: *");
diff --git a/app/Filters/Cors.php b/app/Filters/Cors.php
new file mode 100644
index 0000000..64f306d
--- /dev/null
+++ b/app/Filters/Cors.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Filters;
+
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class Cors implements FilterInterface
+{
+    /**
+     * Do whatever processing this filter needs to do.
+     * By default it should not return anything during
+     * normal execution. However, when an abnormal state
+     * is found, it should return an instance of
+     * CodeIgniter\HTTP\Response. If it does, script
+     * execution will end and that Response will be
+     * sent back to the client, allowing for error pages,
+     * redirects, etc.
+     *
+     * @param RequestInterface $request
+     * @param array|null       $arguments
+     *
+     * @return mixed
+     */
+    public function before(RequestInterface $request, $arguments = null)
+    {
+        header("Access-Control-Allow-Origin: *");
+        header("Access-Control-Allow-Headers: X-API-KEY, Origin,X-Requested-With, Content-Type, Accept, Access-Control-Requested-Method, Authorization");
+        header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PATCH, PUT, DELETE");
+        $method = $_SERVER['REQUEST_METHOD'];
+        if($method == "OPTIONS"){
+            die();
+        }
+    }
+
+    /**
+     * Allows After filters to inspect and modify the response
+     * object as needed. This method does not allow any way
+     * to stop execution of other after filters, short of
+     * throwing an Exception or Error.
+     *
+     * @param RequestInterface  $request
+     * @param ResponseInterface $response
+     * @param array|null        $arguments
+     *
+     * @return mixed
+     */
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    {
+        //
+    }
+}
diff --git a/app/Models/userAccess.php b/app/Models/userAccess.php
index 1743495..2916d2c 100644
--- a/app/Models/userAccess.php
+++ b/app/Models/userAccess.php
@@ -19,16 +19,26 @@ class userAccess extends Model
     {
         $sqlQ =
             'SELECT m.id as member_id, m.*,mp.* FROM members m LEFT JOIN members_profile mp ON m.id=mp.member_id WHERE m.id =12';
+
+        $username = $in['username'];
+        $password = $in['password'];
+        $sqlQ =
+            "SELECT m.id as member_id, m.*,mp.* 
+            FROM members m LEFT 
+            JOIN members_profile mp ON m.id=mp.member_id 
+            WHERE LOWER(m.username) = LOWER('$username') 
+            AND m.password=md5('$password') ";
+
         $query = $this->db->query($sqlQ);
         $data['profile_data'] = $query->getResultArray();
 
         if (count($data['profile_data']) == 1) {
             $data['profile_data'][0]['password'] = '**REMOVED**';
-            $member_id =  $data['profile_data'][0]['member_id'];
+            $member_id = $data['profile_data'][0]['member_id'];
             return $inx = [
                 'session_token' => $this->generateSession($member_id),
-                'member_id'=> $member_id,
-                'profile' => $data['profile_data'],
+                'member_id' => $member_id,
+                'profile' => $data['profile_data'][0],
                 'settings' => [],
                 'preferences' => [],
                 'status' => 1,
@@ -41,15 +51,16 @@ class userAccess extends Model
                 'preferences' => [],
                 'status' => 0,
                 'raw_data' => $in,
+                'error_msg' => 'Invalid username or password',
             ];
         }
     }
 
     private function generateSession()
     {
-        // do the seesion stuffs here - set up all permissions 
-        $tk='';
-        for($i=1; $i<20; $i++){
+        // do the seesion stuffs here - set up all permissions
+        $tk = '';
+        for ($i = 1; $i < 20; $i++) {
             $tk .= rand(11111, 99999);
         }
         return $tk;