diff --git a/Gemfile b/Gemfile index 6535ffa..b5b160d 100644 --- a/Gemfile +++ b/Gemfile @@ -21,7 +21,7 @@ gem 'jbuilder', '~> 2.7' # Use Redis adapter to run Action Cable in production # gem 'redis', '~> 4.0' # Use Active Model has_secure_password -# gem 'bcrypt', '~> 3.1.7' + gem 'bcrypt', '~> 3.1.7' # Use Active Storage variant # gem 'image_processing', '~> 1.2' diff --git a/Gemfile.lock b/Gemfile.lock index 15bdfd6..c307c0d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -62,6 +62,7 @@ GEM zeitwerk (~> 2.3) addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) + bcrypt (3.1.16) bindex (0.8.1) bootsnap (1.7.3) msgpack (~> 1.0) @@ -205,6 +206,7 @@ PLATFORMS x86_64-darwin-20 DEPENDENCIES + bcrypt (~> 3.1.7) bootsnap (>= 1.4.4) byebug capybara (>= 3.26) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 09705d1..b94b3bc 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,2 +1,18 @@ class ApplicationController < ActionController::Base + before_action :authorized + helper_method :current_user + helper_method :logged_in? + + def current_user + User.find_by(id: session[:user_id]) + end + + def logged_in? + !current_user.nil? + end + + def authorized + redirect_to '/welcome' unless logged_in? + end + end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb new file mode 100644 index 0000000..0146b09 --- /dev/null +++ b/app/controllers/sessions_controller.rb 
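Review bot: `current_user`, `logged_in?` and `authorized` are added as public methods on `ApplicationController`, so every controller inherits them as possible action names. A `private` line above `def current_user` keeps them usable from filters and, through `helper_method`, from views. `current_user` also calls `User.find_by` each time it is invoked, and the layout changed in this commit reaches it through `logged_in?` and again for the username; `@current_user ||= User.find_by(id: session[:user_id])` would reuse the row within a request. A one-line comment above `before_action :authorized` saying that every public page needs an explicit `skip_before_action` would help the next person who adds a controller.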
@@ -0,0 +1,37 @@
+class SessionsController < ApplicationController
+ skip_before_action :authorized, only: [:new, :create, :welcome]
+
+ def new
+ end
+
+ def create
+ @user = User.find_by(username: params[:username])
+ if @user && @user.authenticate(params[:password])
+ session[:user_id] = @user.id
+ redirect_to welcome_path
+ else
+ flash[:warning] = "The username or password is incorrect:/"
+ redirect_to login_path
+ end
+ end
+
+ def login
+ end
+
+ def welcome
+ end
+
+ def page_requires_login
+
+ end
+
+ def destroy
+ #clear the sessions[:user_id]
+ puts session[:user_id]
+ session.delete(:user_id)
+ #params[:id] = nil
+ #redirect the user back to the welcome page
+
+ redirect_to '/welcome'
+ end
+end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 0000000..bf95d64
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,28 @@
+class UsersController < ApplicationController
+ skip_before_action :authorized, only: [:new, :create, :show]
+
+ def new
+ @user = User.new
+ end
+
+ def show
+
+ end
+
+ def create
+ @user = User.new(user_params)
+ if @user.save
+ session[:user_id] = @user.id
+ redirect_to welcome_path
+ else
+ flash[:warning] = "Please try again"
+ redirect_to new_user_path
+ end
+ end
+
+ private
+
+ def user_params
+ params.require(:user).permit(:unique_id, :username, :password)
+ end
+end
diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
index f9b859b..79df9a7 100644
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -1,4 +1,6 @@
 class WelcomeController < ApplicationController
+ skip_before_action :authorized, only: [:index]
+
 def index
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
new file mode 100644
index 0000000..917e883
--- /dev/null
+++ b/app/models/user.rb
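Review bot: `create` assigns `session[:user_id] = @user.id` without rotating the session first, so any session identifier or data established before login carries over into the authenticated session. Calling `reset_session` on the line before the assignment closes that gap, and `UsersController#create` in this commit has the same assignment after `@user.save`. In `destroy`, `puts session[:user_id]` is leftover debug output that writes the user id to stdout on every logout, and `session.delete(:user_id)` leaves the rest of the session in place; both lines can be replaced by a single `reset_session`. The empty `login`, `welcome` and `page_requires_login` actions carry no comment saying which route or view they are meant to serve.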
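Review bot: `user_params` permits `:unique_id`, but the `users` table created in this commit has only `username` and `password_digest`. A request that includes `user[unique_id]` would therefore presumably raise `ActiveModel::UnknownAttributeError` in `User.new` and surface as a 500, whereas `params.require(:user).permit(:username, :password)` matches both the sign-up form and the schema. `show` is also listed in `skip_before_action :authorized` while its body is empty, so whatever it renders later will be public unless `:show` is taken out of that list. The failure branch replaces the model's validation messages with the fixed `"Please try again"`, which leaves the user without a reason for the rejection.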
@@ -0,0 +1,6 @@ +class User < ApplicationRecord + has_secure_password + + validates :username, presence: true, uniqueness: true + validates :password, presence: true +end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index ffa9ec0..4464b9a 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -11,8 +11,18 @@ -

This is the application.html.erb file

-

all code below this is written in app/views/welcome/index.html.erb

+
+

Oh, hai!

+ <% if logged_in? %> +

You are logged in, <%= current_user.username %>, and it's great you stopped by to say hello. Logout IF YOU MUST

+ <%= button_to "Logout", '/logout', method: :post%> + <% else %> +

It's nice to see you: login or sign up.

+ <%= button_to "Login", login_path, method: :get%> + <%= button_to "Sign Up", new_user_path, method: :get%> + <% end %> +
+
<%= yield %> diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb new file mode 100644 index 0000000..0c89e44 --- /dev/null +++ b/app/views/sessions/new.html.erb @@ -0,0 +1,12 @@ +<% if flash[:warning] %> +
<%= flash[:warning] %>
+<% end %> + +

Login

+ <%= form_tag '/login' do %> + <%= label_tag :username%> + <%= text_field_tag :username %> + <%= label_tag :password%> + <%= password_field_tag :password%> + <%= submit_tag "Login"%> +<% end %> diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb new file mode 100644 index 0000000..f96f83c --- /dev/null +++ b/app/views/users/new.html.erb @@ -0,0 +1,12 @@ +<% if flash[:warning] %> +
<%= flash[:warning] %>
+<% end %> + +

Sign Up

+<%= form_for @user do |f|%> + <%= f.label :username%>
+ <%= f.text_field :username%>
+ <%= f.label :password%>
+ <%= f.password_field :password%>
+ <%= f.submit %> +<%end%> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb new file mode 100644 index 0000000..acf8830 --- /dev/null +++ b/app/views/users/show.html.erb @@ -0,0 +1 @@ +

nothing yet

diff --git a/app/views/welcome/index.html.erb b/app/views/welcome/index.html.erb index e30027e..9c591b7 100644 --- a/app/views/welcome/index.html.erb +++ b/app/views/welcome/index.html.erb @@ -6,6 +6,8 @@
Lorem ipsum
+ +
News slide thing?!
diff --git a/config/routes.rb b/config/routes.rb index ba88bcf..8b650f2 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -4,4 +4,12 @@ get "/welcome", to: "welcome#index" get "/demopage", to: "demopage#index" + + resources :users, only: [:new, :create, :show] + + get 'login', to: 'sessions#new' + post 'login', to: 'sessions#create' + post 'logout', to: 'sessions#destroy' + get 'welcome', to: 'sessions#welcome' + get 'authorized', to: 'sessions#page_requires_login' end diff --git a/db/migrate/20210607024751_create_users.rb b/db/migrate/20210607024751_create_users.rb new file mode 100644 index 0000000..db193d6 --- /dev/null +++ b/db/migrate/20210607024751_create_users.rb @@ -0,0 +1,10 @@ +class CreateUsers < ActiveRecord::Migration[6.1] + def change + create_table :users do |t| + t.string :username + t.string :password + + t.timestamps + end + end +end diff --git a/db/migrate/20210607030403_rename_password_to_password_digest.rb b/db/migrate/20210607030403_rename_password_to_password_digest.rb new file mode 100644 index 0000000..4d08910 --- /dev/null +++ b/db/migrate/20210607030403_rename_password_to_password_digest.rb @@ -0,0 +1,7 @@ +class RenamePasswordToPasswordDigest < ActiveRecord::Migration[6.1] + def change + change_table :users do |t| + t.rename :password, :password_digest + end + end +end diff --git a/db/schema.rb b/db/schema.rb new file mode 100644 index 0000000..e2aec05 --- /dev/null +++ b/db/schema.rb 
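Review bot: `get 'welcome', to: 'sessions#welcome'` repeats the path of the existing `get "/welcome", to: "welcome#index"` line above it. Rails dispatches to the first matching route, so `sessions#welcome` is never reached and the line can be dropped along with the empty action and its `skip_before_action` entry. `get 'authorized', to: 'sessions#page_requires_login'` points at an action for which this commit adds no view, so a logged-in browser request to it would presumably end in a missing-template error. The `Rails.application.routes.draw do` line that opens this block is outside the hunk.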
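Review bot: `t.string :username` is created without `null: false` and without a unique index, so the `uniqueness: true` validation in `User` is the only guard against duplicates. That validation is a read-then-write check, and two concurrent sign-ups can both pass it and insert the same username. Adding `t.index :username, unique: true` inside the `create_table` block (or a follow-up migration with `add_index :users, :username, unique: true`) enforces it in the database, and `null: false` on `username` and on the password column does the same for presence. A short comment noting that the `password` column is renamed to `password_digest` by the next migration would explain why a plain `password` column appears here.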
@@ -0,0 +1,25 @@ +# This file is auto-generated from the current state of the database. Instead +# of editing this file, please use the migrations feature of Active Record to +# incrementally modify your database, and then regenerate this schema definition. +# +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. +# +# It's strongly recommended that you check this file into your version control system. + +ActiveRecord::Schema.define(version: 2021_06_07_030403) do + + # These are extensions that must be enabled in order to support this database + enable_extension "plpgsql" + + create_table "users", force: :cascade do |t| + t.string "username" + t.string "password_digest" + t.datetime "created_at", precision: 6, null: false + t.datetime "updated_at", precision: 6, null: false + end + +end