diff --git a/src/__init__.py b/src/__init__.py
index 6e69bf3..e9dc5a4 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -1,6 +1,6 @@
 import os
 
-from flask import Flask
+from flask import Flask, render_template
 
 
 def create_app(test_config=None):
@@ -21,9 +21,11 @@ def create_app(test_config=None):
     except OSError:
         pass
 
-    @app.route('/hello')
+    @app.route('/')
     def hello():
-        return 'Hello, World!'
+        return render_template("index.html")
     from . import db
     db.init_app(app)
+    from . import auth
+    app.register_blueprint(auth.bp)
     return app
\ No newline at end of file
diff --git a/src/auth.py b/src/auth.py
new file mode 100644
index 0000000..0e816a9
--- /dev/null
+++ b/src/auth.py
@@ -0,0 +1,82 @@
+import functools
+from flask import Blueprint, flash, g, redirect, render_template, request, session, url_for
+from werkzeug.security import check_password_hash
+from src.db import get_db
+
+bp = Blueprint('auth', __name__, url_prefix='/auth')
+
+@bp.route('/loginuser', methods=('GET', 'POST'))
+def loginuser():
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        db = get_db()
+        error = None
+        user = db.execute(
+            'SELECT * FROM user WHERE user_name = ?', (username,)
+        ).fetchone()
+
+        if user is None:
+            error = '用户名不存在'
+        elif not check_password_hash(user['user_passwd'], password):
+            error = '密码错误'
+
+        if error is None:
+            session.clear()
+            session['user_id'] = user['user_id']
+            return redirect(url_for('index'))
+
+        flash(error)
+
+    return render_template('auth/loginuser.html')
+
+@bp.route('/loginadmin', methods=('GET', 'POST'))
+def loginadmin():
+    if request.method == 'POST':
+        password = request.form['password']
+        db = get_db()
+        error = None
+        admin = db.execute('SELECT * FROM admin limit 1').fetchone()
+
+        if admin is None:
+            error = '用户名不存在'
+        elif not check_password_hash(admin['passwd'], password):
+            error = '密码错误'
+
+        if error is None:
+            session.clear()
+            session['user_id'] = 0
+            return redirect(url_for('admin'))
+        flash(error)
+    return render_template('auth/loginadmin.html')
+
+@bp.route('/login', methods=('GET', 'POST'))
+def login():
+    return render_template("auth/loginbase.html")
+
+@bp.before_app_request
+def load_logged_in_user():
+    user_id = session.get('user_id')
+
+    if user_id is None:
+        g.user = None
+    else:
+        g.user = get_db().execute(
+            'SELECT * FROM user WHERE user_id = ?', (user_id,)
+        ).fetchone()
+
+@bp.route('/logout')
+def logout():
+    session.clear()
+    return redirect(url_for('index'))
+
+
+def login_required(view):
+    @functools.wraps(view)
+    def wrapped_view(**kwargs):
+        if g.user is None:
+            return redirect(url_for('auth.login'))
+
+        return view(**kwargs)
+
+    return wrapped_view
\ No newline at end of file
diff --git a/src/db.py b/src/db.py
index 684e41e..6955350 100644
--- a/src/db.py
+++ b/src/db.py
@@ -1,6 +1,7 @@
 import sqlite3
 import click
 from flask import current_app, g
+from werkzeug.security import generate_password_hash
 
 def get_db():
     if 'db' not in g:
@@ -28,6 +29,9 @@ def init_db():
     click.echo("Initializing database triggers...")
     with current_app.open_resource('sql/trigger_sqlite.sql') as f:
         db.executescript(f.read().decode('utf8'))
+    click.echo("Initializing admin passwd...")
+    db.execute("insert into admin (passwd) values (?)", (generate_password_hash("lolicon"),))
+    db.commit()
     click.echo("Initialized database.")
 
 def init_app(app):
diff --git a/src/templates/auth/loginadmin.html b/src/templates/auth/loginadmin.html
new file mode 100644
index 0000000..85fbb23
--- /dev/null
+++ b/src/templates/auth/loginadmin.html
@@ -0,0 +1,14 @@
+{% extends 'base.html' %}
+
+{% block header %}
+  <h1>{% block title %}Log In{% endblock %}</h1>
+{% endblock %}
+
+{% block content %}
+  <form method="post">
+    <label for="username">Admin</label>
+    <label for="password">密码</label>
+    <input type="password" name="password" id="password" required>
+    <input type="submit" value="Log In">
+  </form>
+{% endblock %}
\ No newline at end of file
diff --git a/src/templates/auth/loginbase.html b/src/templates/auth/loginbase.html
new file mode 100644
index 0000000..2cdab94
--- /dev/null
+++ b/src/templates/auth/loginbase.html
@@ -0,0 +1,12 @@
+{% extends 'base.html' %}
+
+{% block header %}
+  <h1>{% block title %}在访问前，需要登陆{% endblock %}</h1>
+{% endblock %}
+
+{% block content %}
+  <ul>
+    <li><a href="{{ url_for('auth.loginadmin') }}">管理员登陆</a>
+    <li><a href="{{ url_for('auth.loginuser') }}">用户登陆</a>
+  </ul>
+{% endblock %}
\ No newline at end of file
diff --git a/src/templates/auth/loginuser.html b/src/templates/auth/loginuser.html
new file mode 100644
index 0000000..b7dd5dc
--- /dev/null
+++ b/src/templates/auth/loginuser.html
@@ -0,0 +1,15 @@
+{% extends 'base.html' %}
+
+{% block header %}
+  <h1>{% block title %}Log In{% endblock %}</h1>
+{% endblock %}
+
+{% block content %}
+  <form method="post">
+    <label for="username">Username</label>
+    <input name="username" id="username" required>
+    <label for="password">Password</label>
+    <input type="password" name="password" id="password" required>
+    <input type="submit" value="Log In">
+  </form>
+{% endblock %}
\ No newline at end of file
diff --git a/src/templates/base.html b/src/templates/base.html
new file mode 100644
index 0000000..8ef78ab
--- /dev/null
+++ b/src/templates/base.html
@@ -0,0 +1,24 @@
+<!doctype html>
+<title>{% block title %}{% endblock %} - DBProject</title>
+<!-- <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}"> -->
+<nav>
+  <h1>BookManage</h1>
+  <ul>
+    {% if g.user %}
+      <li><span>{{ g.user['user_name'] }}</span>
+      <li><a href="{{ url_for('auth.logout') }}">登出</a>
+    {% else %}
+      <li><a href="{{ url_for('auth.loginadmin') }}">管理员登陆</a>
+      <li><a href="{{ url_for('auth.loginuser') }}">用户登陆</a>
+    {% endif %}
+  </ul>
+</nav>
+<section class="content">
+  <header>
+    {% block header %}{% endblock %}
+  </header>
+  {% for message in get_flashed_messages() %}
+    <div class="flash">{{ message }}</div>
+  {% endfor %}
+  {% block content %}{% endblock %}
+</section>
\ No newline at end of file
diff --git a/src/templates/index.html b/src/templates/index.html
index b39e329..b18a12d 100644
--- a/src/templates/index.html
+++ b/src/templates/index.html
@@ -8,8 +8,8 @@
 <h1>简单的电子书归档系统</h1>
 <div>
     <p>首先需要登陆</p>
-    <a href="/loginuser">用户登陆</a>
-    <a href="/loginadmin">管理员登陆</a>
+    <a href="/auth/loginuser">用户登陆</a>
+    <a href="/auth/loginadmin">管理员登陆</a>
 </div>
 </body>
 </html>
\ No newline at end of file