diff --git a/app.js b/app.js
index 3efd585..a379166 100644
--- a/app.js
+++ b/app.js
@@ -7,6 +7,7 @@ var random = require('./database/accounts/random');
 const passport = require('passport');
 const session = require('express-session');
 const accounts = require('./database/accounts/accounts');
+var flash = require('connect-flash');
 
 
 var indexRouter = require('./routes/index');
@@ -18,6 +19,9 @@ var adminRouter = require('./routes/admin');
 
 var app = express();
 
+// flash setup
+app.use(flash());
+
 // session setup
 app.use(
   session({
diff --git a/package-lock.json b/package-lock.json
index c402529..1903fa7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
       "dependencies": {
         "async": "^3.2.2",
         "bcrypt": "^5.0.1",
+        "connect-flash": "^0.1.1",
         "cookie-parser": "~1.4.3",
         "debug": "~2.6.9",
         "dotenv": "^10.0.0",
@@ -430,6 +431,14 @@
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
     },
+    "node_modules/connect-flash": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/connect-flash/-/connect-flash-0.1.1.tgz",
+      "integrity": "sha1-2GMPJtlaf4UfmVax6MxnMvO2qjA=",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
     "node_modules/console-control-strings": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
@@ -2554,6 +2563,11 @@
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
     },
+    "connect-flash": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/connect-flash/-/connect-flash-0.1.1.tgz",
+      "integrity": "sha1-2GMPJtlaf4UfmVax6MxnMvO2qjA="
+    },
     "console-control-strings": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
diff --git a/package.json b/package.json
index 2959fbd..c3c687d 100644
--- a/package.json
+++ b/package.json
@@ -9,6 +9,7 @@
   "dependencies": {
     "async": "^3.2.2",
     "bcrypt": "^5.0.1",
+    "connect-flash": "^0.1.1",
     "cookie-parser": "~1.4.3",
     "debug": "~2.6.9",
     "dotenv": "^10.0.0",
diff --git a/routes/auth.js b/routes/auth.js
index 9b400e5..5d2e910 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -5,7 +5,7 @@ const accounts = require('./../database/accounts/accounts');
 const app = require('../app');
 
 router.get('/login', (req, res, next) => {
-    res.render('accounts/login', { title : "Login" });
+    res.render('accounts/login', { title : "Login", message: req.flash('error') });
 });
 
 router.get('/logout', (req, res, next) => {
@@ -15,8 +15,9 @@ router.get('/logout', (req, res, next) => {
 
 router.post('/login', 
         passport.authenticate('local', {
-            failureRedirect: '/fail',
-            successRedirect: '/success',
+            failureRedirect: '/auth/login',
+            successRedirect: '/',
+            failureFlash: "Invalid email or password.",
         }),
         (req, res, next) => {
             console.log(req.user);
diff --git a/views/accounts/login.pug b/views/accounts/login.pug
index fb58202..13f707e 100644
--- a/views/accounts/login.pug
+++ b/views/accounts/login.pug
@@ -16,5 +16,6 @@ block content
         label Password 
         span(class='form-section-input')
           input(type="password", name="password")
+      .error #{message}
       span(class='form-section')
         button#submit-button(type="submit") Submit
\ No newline at end of file