diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..52f3d37
Binary files /dev/null and b/.DS_Store differ
diff --git a/app/.DS_Store b/app/.DS_Store
new file mode 100644
index 0000000..ff4b7a1
Binary files /dev/null and b/app/.DS_Store differ
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index dbcde11..c3ef57b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,28 +1,54 @@
 #encoding: utf-8
 class UsersController < ApplicationController
   def register
+      @user = User.new
+      render 'register', layout: 'register'
     
   end
 
   def register_confirm
+      @user = User.new params.require(:user).permit(:username,:email,:password,:password_confirmation)
+      if @user.save
+          to_login @user
+          redirect_to root_path
+      else
+          render 'register', layout: 'register'
+      end
     
   end
 
   def login
-    
+      return redirect_to(login_path(from: referer)) unless params[:from].present?
+      @user = User.new
+      render 'login', layout: 'register'
   end
 
   def login_confirm
+      @user = User.find_by username: params[:user][:username]
+      if @user && @user.check_password(params[:user][:password])
+          to_login @user
+          @user.update_attribute :last_login_time, DateTime.now
+          redirect_to (params[:from].present? ? params[:from] : root_path)
+      else
+          flash[:error] = '用户名或密码错误'
+          render 'login', layout: 'register'
+      end
+  rescue
+      flash[:error] = '用户名或密码错误'
+      render 'login', layout: 'register'
     
   end
 
   def logout
+      session[:user_id] = nil
+      redirect_to referer
     
   end
 
   protected
 
   def to_login(user)
+      session[:user_id] = user.id
    
   end
-end
\ No newline at end of file
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index e029173..fdbe3e4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -9,5 +9,27 @@ class User < ActiveRecord::Base
   validates :email, format: {with: /\A[a-zA-Z0-9\-]+@[a-zA-Z0-9-]+\.(org|com|cn|io|net|cc|me)\z/}, uniqueness: true
   validates :password, length: {minimum: 6}, confirmation: true, if: :need_valid_password?
   validates :nick_name, length: {minimum: 2, maximum: 20}, uniqueness: true, if: 'nick_name.present?'
+  def nickname
+      self.nick_name || self.username
+  end
 
+  def set_admin
+      self.admin = 0 unless self.admin.present?
+  end
+
+  def check_password(password)
+      self.authenticate(password)
+  end
+
+  def update_last_reply_time
+      self.update_attribute last_reply_time: DateTime.now
+  end
+
+  def can_reply?
+      (DateTime.now.to_i - self.last_reply_time.to_i) > 60
+  end
+
+  def need_valid_password?
+      new_record? || password.present?
+  end
 end
diff --git a/app/views/users/_form.html.haml b/app/views/users/_form.html.haml
new file mode 100755
index 0000000..7859877
--- /dev/null
+++ b/app/views/users/_form.html.haml
@@ -0,0 +1,14 @@
+- method = action == 'update' ? 'put' : 'post'
+- submit_url = case action; when 'register'; register_confirm_users_path; when 'login'; login_confirm_users_path; when 'update'; user_path(@user); end
+= form_for @user, method: method, url: submit_url, role: 'form' do |f|
+  .form-field.form-group
+    = f.text_field :username, placeholder: '用户名', class: 'form-control username', required: true
+  .form-field.form-group
+    = f.text_field :email, placeholder: '邮箱', class: 'form-control email', required: true
+  .form-field.form-group
+    = f.password_field :password, placeholder: '密码，最少6位', class: 'form-control password', required: true
+  .form-field.form-group
+    = f.password_field :password_confirmation, placeholder: '确认密码', class: 'form-control password', required: true
+  = submit_tag '注册', class: 'btn btn-primary btn-lg'
+  .action-wrapper
+    = link_to '已有账号？', login_path
\ No newline at end of file
diff --git a/app/views/users/login.html.haml b/app/views/users/login.html.haml
new file mode 100755
index 0000000..0340601
--- /dev/null
+++ b/app/views/users/login.html.haml
@@ -0,0 +1,28 @@
+%section.content
+  .form-unit
+    = link_to root_path, class: 'brand' do
+      %h1 Blog
+    %h3 用户登录
+    - errors = @user ? @user.errors.full_messages : []
+    - if errors.any?
+      .alert.alert-danger
+        %a.close{"data-dismiss"=>"alert"} &times;
+        %span
+          = errors.first
+    - if flash[:success].present?
+      .alert.alert-success
+        %a.close{"data-dismiss"=>"success"} &times;
+        %span
+          = flash[:success]
+    - elsif flash[:error].present?
+      .alert.alert-danger
+        %a.close{"data-dismiss"=>"alert"} &times;
+        %span= flash[:error]
+    = form_for :user, url: login_confirm_users_path, role: 'form' do |f|
+      .form-field.form-group
+        = f.text_field :username, placeholder: '用户名', class: 'form-control username', required: true
+      .form-field.form-group
+        = f.password_field :password, placeholder: '密码', class: 'form-control password', required: true
+      = submit_tag '登录', class: 'btn btn-primary btn-lg'
+      .action-wrapper
+        = link_to '没有账号？', register_path
\ No newline at end of file
diff --git a/app/views/users/register.html.haml b/app/views/users/register.html.haml
new file mode 100755
index 0000000..e3485df
--- /dev/null
+++ b/app/views/users/register.html.haml
@@ -0,0 +1,12 @@
+%section.content
+  .form-unit
+    = link_to root_path, class: 'brand' do
+      %h1 Blog
+    %h3 注册账号
+    - errors = @user.errors.full_messages
+    - if errors.any?
+      .alert.alert-danger
+        %a.close{"data-dismiss"=>"alert"} &times;
+        %span
+          = errors.first
+    = render partial: 'form', locals: {action: 'register'}
\ No newline at end of file
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
new file mode 100644
index 0000000..7b3bfd4
--- /dev/null
+++ b/test/controllers/users_controller_test.rb
@@ -0,0 +1,64 @@
+require 'test_helper'
+require 'users_controller'
+
+class UserControllerTest < ActionController::TestCase 
+    setup do
+        @controller = UsersController.new
+        @user = User.new
+        @user.username = 'user1'
+        @user.email = '123456677@qq.com'
+        @user.password = '1234567890'
+        @user.password_confirmation = '1234567890'
+        @user.admin = 1
+        @user.save
+    end
+
+    test "register" do
+        get :register 
+        assert_response :success
+        assert_template :register
+        assert_template layout: "layouts/register"
+    end
+
+    test "register_confim_exist_user" do
+        post :register_confirm, :user => {:username => 'user1', :email => '1234566@qq.com', :password => 'password123', :password_confirmation => 'password123'}
+
+        assert_template :register
+        assert_template layout: "layouts/register"
+    end
+
+    test "register_confim_no_valid" do
+        post :register_confirm, :user => {:username => 'usertest', :email => '1234566@qq.com'}
+        assert_response :success
+        assert_template :register
+        assert_template layout: "layouts/register"
+    end
+
+    test "register_confim_new_user" do
+        post :register_confirm, :user => {:username => 'test1', :email => '234566@qq.com', :password => 'password123', :password_confirmation => 'password123'}
+        assert_not_nil session[:user_id]
+        assert_redirected_to root_path 
+    end
+
+    test "login" do
+        get :login, :from => "test"
+        assert_response :success
+        assert_template :login
+    end
+
+    test "logout" do
+        get :logout
+        assert_nil session[:user_id]
+    end
+
+    test "login_confim" do
+        post :login_confirm, :user => {:username => 'user1', :password => '1234567890'}
+        assert_redirected_to root_path
+    end
+
+    test "login_confim_wrong" do
+        post :login_confirm, :user => {:username => 'user1', :password => '123456000000'}
+        assert_response :success
+        assert_equal '用户名或密码错误', flash[:error]
+    end
+end