diff --git a/user.php b/user.php
index 08c2575..0364d82 100644
--- a/user.php
+++ b/user.php
@@ -259,9 +259,36 @@
             else if($function == "delete_account")
             {
                 //remove account and data from sync server
-                // 1. verify user auth
-                // 2. get collections + data and remove data
-                // 3. remove user account
+                // 1. verify user auth, needs $auth_pw passed to function.
+                if($auth_pw == '')
+                {
+                  log_error("user.php : delete account, no auth password given");
+                  report_problem(WEAVE_ERROR_MISSING_PASSWORD, 400);
+                }
+                try 
+                {
+                  $existingHash = $db->get_password_hash(); //passes $username internally
+                  $hash = WeaveHashFactory::factory();
+         
+                  if ( ! $hash->verify(fix_utf8_encoding($auth_pw), $existingHash) )
+                  {
+                    log_error("Auth failed 2 {");
+                    log_error(" User pw: ". $auth_user ."|".$auth_pw ."|md5:". md5($auth_pw) ."|fix:". fix_utf8_encoding($auth_pw) ."|fix md5 ". md5(fix_utf8_encoding($auth_pw)));
+                    log_error(" Url_user: ".$url_user);
+                    log_error(" Existing hash: ".$existingHash);
+                    log_error("}");
+                    report_problem('Authentication failed', '401');
+                  } else {
+                    // 2. get collections + data and remove data
+                    // 3. remove user account
+                  }
+                }
+                catch(Exception $e)
+                {
+                  header("X-Weave-Backoff: 1800");
+                  log_error($e->getMessage(), $e->getCode());
+                  report_problem($e->getMessage(), $e->getCode());
+                }
             }
             else
             {