diff --git a/config.lua b/config.lua
index 784115c..0df3b3d 100644
--- a/config.lua
+++ b/config.lua
@@ -1,8 +1,7 @@ server = { port = 3118, debug = false, - log_level = "info", - http_logging = false + http_logging = true } runner = {
diff --git a/data/dk.db b/data/dk.db
index 35bf423..4a00f91 100644
Binary files a/data/dk.db and b/data/dk.db differ
diff --git a/fs/templates/auth/login.html b/fs/templates/auth/login.html
new file mode 100644
index 0000000..37c6aa2
--- /dev/null
+++ b/fs/templates/auth/login.html
@@ -0,0 +1,5 @@
+
+ + + +
diff --git a/moonshark b/moonshark
index d597451..442c5f1 100755
Binary files a/moonshark and b/moonshark differ
diff --git a/routes/auth/login/get.lua b/routes/auth/login/get.lua
deleted file mode 100644
index e69de29..0000000
diff --git a/routes/auth/login/post.lua b/routes/auth/login/post.lua
deleted file mode 100644
index e69de29..0000000
diff --git a/routes/auth/register/post.lua b/routes/auth/register/post.lua
deleted file mode 100644
index e69de29..0000000
diff --git a/routes/get.lua b/routes/get.lua
index 85e4fe3..2b82071 100644
--- a/routes/get.lua
+++ b/routes/get.lua
@@ -1 +1,5 @@
-return "Hello world!"
+if session.get("logged_in") then
+ return "Hello, "..session.get("user_id").."!"
+else
+ return "Hello, guest!"
+end
diff --git a/routes/auth/register/get.lua b/routes/login/get.lua
similarity index 58%
rename from routes/auth/register/get.lua
rename to routes/login/get.lua
index ec340b3..352425d 100644
--- a/routes/auth/register/get.lua
+++ b/routes/login/get.lua
@@ -1,6 +1,6 @@
 local base_template = fs.read("templates/base.html")
-local login_form = fs.read("templates/auth/register.html")
+local login_form = fs.read("templates/auth/login.html")
 return send.html(render(base_template, {
- title = "Register",
+ title = "Login",
 content = login_form
-}))
\ No newline at end of file
+}))
diff --git a/routes/login/post.lua b/routes/login/post.lua
new file mode 100644
index 0000000..0010a41
--- /dev/null
+++ b/routes/login/post.lua
@@ -0,0 +1,31 @@
+local db = sqlite("dk")
+
+local username = string.trim(ctx.form.username)
+if username == "" or not db:exists("users", "username = :u", {u = username}) then
+ return "username required and must exist"
+end
+
+if ctx.form.password == "" then
+ return "password required"
+end
+
+local user_row = db:get_one("SELECT id, username, password, auth_level FROM users WHERE username = :u", {u = username})
+if not password.verify(ctx.form.password, user_row.password) then
+ return "wrong username or password"
+end
+
+local token = util.generate_token()
+local expires = os.time() + (30 * 24 * 60 * 60) -- 30 days
+db:insert("user_sessions", {
+ user_id = user_row.id,
+ token = token,
+ expires = expires
+})
+
+cookie.set("dkauth", token, { expires = expires })
+
+session.set("logged_in", true)
+session.set("user_id", user_row.id)
+session.set("auth_level", user_row.auth_level)
+
+return "Logged in!"
diff --git a/routes/register/get.lua b/routes/register/get.lua
new file mode 100644
index 0000000..12d543d
--- /dev/null
+++ b/routes/register/get.lua
@@ -0,0 +1,6 @@
+local base_template = fs.read("templates/base.html")
+local register_form = fs.read("templates/auth/register.html")
+return send.html(render(base_template, {
+ title = "Register",
+ content = register_form
+}))
diff --git a/routes/register/post.lua b/routes/register/post.lua
new file mode 100644
index 0000000..7a97e20
--- /dev/null
+++ b/routes/register/post.lua
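Review bot: The two failure messages in routes/login/post.lua let a caller tell whether a username exists: an unknown name gets "username required and must exist", while a known name with a bad password gets "wrong username or password". Returning one generic message from both branches closes that, for example by doing the single `db:get_one` lookup first and testing `if not user_row or not password.verify(ctx.form.password, user_row.password) then` (assuming `db:get_one` yields nil when no row matches). The `ctx.form.password == ""` guard, here and in routes/register/post.lua, does not catch a request that omits the field, so if `ctx.form` leaves absent fields as nil that nil reaches `password.verify` / `password.hash`, and `string.trim(ctx.form.username)` has the same exposure. `cookie.set("dkauth", token, { expires = expires })` passes only an expiry, so unless the framework defaults to them the 30-day token cookie is sent without HttpOnly, Secure and SameSite; it is also worth confirming that the session identifier is rotated before `session.set("logged_in", true)`. config.lua in this commit turns `http_logging` on, so check that the request log does not record form bodies or the Cookie header for these routes.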
@@ -0,0 +1,24 @@
+local db = sqlite("dk")
+
+local username = string.trim(ctx.form.username)
+if username == "" or db:exists("users", "username = :u", {u = username}) then
+ return "username required and must be unique"
+end
+
+local email = string.trim(ctx.form.email)
+if util.sanitize_email(email) == "" or db:exists("users", "email = :e", {e = email}) then
+ return "email required, must be valid format, and must be unique"
+end
+
+if ctx.form.password == "" then
+ return "password required"
+end
+
+db:insert("users", {
+ username = username,
+ email = email,
+ password = password.hash(ctx.form.password),
+ attributes_id = 0
+})
+
+return "Account registered!"
diff --git a/setup_database.lua b/setup_database.lua
index aaa3ce2..39bc9a5 100644
--- a/setup_database.lua
+++ b/setup_database.lua
@@ -252,8 +252,14 @@ db:create_table("user_inventories", "stack INTEGER NOT NULL DEFAULT 1" ) +db:create_table("user_sessions", + "user_id INTEGER NOT NULL", + "token TEXT NOT NULL", + "expires INTEGER NOT NULL" +) + db:commit() local time = math.roundto(microtime(true) - start, 4) -print(iparse("Database setup in seconds.", {time})) +print(iparse("Database setup in {{{}}} seconds.", {time})) return true
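Review bot: In routes/register/post.lua, `util.sanitize_email(email)` is called only to test for an empty result, and the row is then inserted with the raw trimmed `email`, so whatever the sanitizer strips or normalizes is still stored and is what the uniqueness check compared against. Keeping the sanitized value, `local email = util.sanitize_email(string.trim(ctx.form.email))`, and using it for both the `db:exists` check and the insert would make the stored address match what was validated. The `db:exists` checks followed by `db:insert` are not atomic, so two concurrent requests can both pass them; the `users` schema is outside this diff, so confirm it carries UNIQUE constraints on `username` and `email`. The only password rule is non-empty, so a one-character password is accepted, and a minimum-length check before `password.hash` would be the usual floor.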
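Review bot: In setup_database.lua the new `user_sessions` table stores the login token as plain `token TEXT NOT NULL` with no uniqueness constraint, and routes/login/post.lua inserts the same value it sends in the `dkauth` cookie. Anyone who can read the database file can therefore replay live sessions, and this diff also shows data/dk.db changing as a tracked binary, so if that is the working database the tokens and password hashes end up in version control. Storing a digest of the token and looking sessions up by that digest, with the column declared `"token TEXT NOT NULL UNIQUE"`, would limit the exposure. A comment above the table saying that `expires` is a Unix timestamp from `os.time()` and that expired rows need pruning would help the next reader; the rest of the setup script lies outside this hunk.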