diff --git a/app.py b/app.py
index 86b483a..277b549 100644
--- a/app.py
+++ b/app.py
@@ -1,6 +1,8 @@
 from flask import Flask, redirect, url_for, render_template, request, flash
-from models import db, Contact
+from models import db, Contact, User
 from forms import ContactForm
+from flask_login import LoginManager, current_user, login_user, login_required
+
 
 # Flask
 app = Flask(__name__)
@@ -8,13 +10,46 @@ app.config['SECRET_KEY'] = 'my secret'
 app.config['DEBUG'] = False
 
 # Database
-app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///book.sqlite'
-# app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://root@localhost/book'
+# app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///book.sqlite'
+app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://root:123456@localhost/hp'
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 db.init_app(app)
 
+# Login
+login_manager = LoginManager()
+login_manager.init_app(app)
+password = 'sintow2020@'
+
+
+@login_manager.user_loader    
+#使用user_loader装饰器的回调函数非常重要，他将决定 user 对象是否在登录状态
+def user_loader(id):          
+    #这个id参数的值是在 login_user(user)中传入的 user 的 id 属性
+    user = User()
+    return user
+
+
+@app.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'GET':
+        return '''
+        <form action="#" method="POST">
+            <span>请输入账号</span>
+            <input type="text" name="name" id="name" placeholder="name">
+            <span>请输入密码</span>
+            <input type="password" name="pw" id="pw" placeholder="password">
+            <input type="submit" name="submit">
+       </form>
+        '''
+    name = request.form.get('name')
+    if request.form.get('pw') == password:
+        user = User()
+        login_user(user)
+        return redirect(url_for('index'))
+    return redirect(url_for('login'))
 
 @app.route("/")
+@login_required
 def index():
     '''
     Home page
@@ -23,6 +58,7 @@ def index():
 
 
 @app.route("/new_contact", methods=('GET', 'POST'))
+@login_required
 def new_contact():
     '''
     Create new contact
@@ -37,14 +73,15 @@ def new_contact():
             # User info
             flash('Contact created correctly', 'success')
             return redirect(url_for('contacts'))
-        except:
+        except Exception as ex:
             db.session.rollback()
-            flash('Error generating contact.', 'danger')
+            flash('Error generating contact. {}'.format(ex), 'danger')
 
     return render_template('web/new_contact.html', form=form)
 
 
 @app.route("/edit_contact/<id>", methods=('GET', 'POST'))
+@login_required
 def edit_contact(id):
     '''
     Edit contact
@@ -70,6 +107,7 @@ def edit_contact(id):
 
 
 @app.route("/contacts")
+@login_required
 def contacts():
     '''
     Show alls contacts
@@ -79,6 +117,7 @@ def contacts():
 
 
 @app.route("/search")
+@login_required
 def search():
     '''
     Search
@@ -91,6 +130,7 @@ def search():
 
 
 @app.route("/contacts/delete", methods=('POST',))
+@login_required
 def contacts_delete():
     '''
     Delete contact
@@ -108,4 +148,4 @@ def contacts_delete():
 
 
 if __name__ == "__main__":
-    app.run(host="0.0.0.0")
+    app.run(host="0.0.0.0", port=5002, debug=True)
diff --git a/forms.py b/forms.py
index 164e00b..da67dd2 100644
--- a/forms.py
+++ b/forms.py
@@ -4,7 +4,10 @@ from wtforms.validators import DataRequired, Email, Length
 
 
 class ContactForm(FlaskForm):
-    name = StringField('Name', validators=[DataRequired(), Length(min=-1, max=80, message='You cannot have more than 80 characters')])
-    surname = StringField('Surname', validators=[Length(min=-1, max=100, message='You cannot have more than 100 characters')])
-    email = StringField('E-Mail', validators=[Email(), Length(min=-1, max=200, message='You cannot have more than 200 characters')])
-    phone = StringField('Phone', validators=[Length(min=-1, max=20, message='You cannot have more than 20 characters')])
+    name = StringField('用户名', validators=[DataRequired(), Length(min=-1, max=30, message='用户名需要控制在30个字符以内')])
+    password = StringField('密码1（公开）', validators=[DataRequired(), Length(min=-1, max=30, message='密码1（公开）需要控制在30个字符以内')])
+    password2 = StringField('密码2（内部）', validators=[DataRequired(), Length(min=-1, max=30, message='密码2（内部）需要控制在30个字符以内')])
+
+   # surname = StringField('Surname', validators=[Length(min=-1, max=100, message='You cannot have more than 100 characters')])
+    # email = StringField('E-Mail', validators=[Email(), Length(min=-1, max=200, message='You cannot have more than 200 characters')])
+    # phone = StringField('Phone', validators=[Length(min=-1, max=20, message='You cannot have more than 20 characters')])
diff --git a/models.py b/models.py
index 51d3b0a..1fb5162 100644
--- a/models.py
+++ b/models.py
@@ -8,15 +8,21 @@ app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 db = SQLAlchemy(app)
 
 class Contact(db.Model):
-
-
-    __tablename__ = 'contacts'
-
+    __tablename__ = 't_user'
     id = db.Column(db.Integer, primary_key=True)
-    name = db.Column(db.String(80), nullable=False)
-    surname = db.Column(db.String(100), nullable=True)
-    email = db.Column(db.String(200), nullable=True, unique=True)
-    phone = db.Column(db.String(20), nullable=True, unique=False)
+    name = db.Column(db.String(30), nullable=True)
+    password = db.Column(db.String(30), nullable=True)
+    password2 = db.Column(db.String(30), nullable=True)
 
     def __repr__(self):
         return '<Contacts %r>' % self.name
+
+class User():
+    id = 1
+    username = 'admin'
+    password = 'na'
+    is_active = True
+    is_authenticated = True
+
+    def get_id(id):
+        return 1
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 5706461..3e67dd0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,20 @@
+click==7.1.2
+dnspython==2.0.0
+email-validator==1.1.1
 Faker==0.7.11
 Flask==1.0
+Flask-Login==0.5.0
 Flask-SQLAlchemy==2.2
 Flask-WTF==0.14.2
-gunicorn
-Werkzeug==0.16
-email_validator
+gunicorn==20.0.4
+idna==2.10
+itsdangerous==1.1.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+pkg-resources==0.0.0
+PyMySQL==0.10.1
+python-dateutil==2.8.1
+six==1.15.0
+SQLAlchemy==1.3.20
+Werkzeug==0.16.0
+WTForms==2.3.3
diff --git a/templates/layouts/master.html b/templates/layouts/master.html
index 6edf0a9..c9694d2 100644
--- a/templates/layouts/master.html
+++ b/templates/layouts/master.html
@@ -19,18 +19,18 @@
 			<span class="icon-bar"></span>
 			<span class="icon-bar"></span>
 		  </button>
-		  <a class="navbar-brand" href="/">Contact Manager</a>
+		  <a class="navbar-brand" href="/">用户管理</a>
 		</div>
 		<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
 			<form action="{{ url_for('search') }}" method="get" class="navbar-form navbar-left">
 			<div class="form-group">
-			  <input type="text" name="name" class="form-control" placeholder="Name...">
+			  <input type="text" name="name" class="form-control" placeholder="请输入用户名...">
 			</div>
-			<button type="submit" class="btn btn-default">Search</button>
+			<button type="submit" class="btn btn-default">查询</button>
 		  </form>
 		  <ul class="nav navbar-nav navbar-right">
-			  <li><a href="{{ url_for('new_contact') }}">New</a></li>
-			  <li><a href="{{ url_for('contacts') }}">View contacts</a></li>
+			  <li><a href="{{ url_for('new_contact') }}">新建</a></li>
+			  <li><a href="{{ url_for('contacts') }}">阅览全部</a></li>
 		  </ul>
 		</div>
 	  </div>
diff --git a/templates/web/contacts.html b/templates/web/contacts.html
index ff4aa6e..c52ffa2 100644
--- a/templates/web/contacts.html
+++ b/templates/web/contacts.html
@@ -5,10 +5,9 @@
 <table class="table table-hover">
 	<thead>
 		<tr>
-			<th scope="col">Name</th>
-			<th scope="col">Surname</th>
-			<th scope="col">E-Mail</th>
-			<th scope="col">Phone</th>
+			<th scope="col">用户名</th>
+			<th scope="col">密码1（公开）</th>
+			<th scope="col">密码2（内部）</th>
 			<td></td>
 		</tr>
 	</thead>
@@ -16,16 +15,15 @@
 	{% for contact in contacts %}
 		<tr>
 			<td>{{ contact.name }}</td>
-			<td>{{ contact.surname }}</td>
-			<td>{{ contact.email }}</td>
-			<td>{{ contact.phone }}</td>
+			<td>{{ contact.password }}</td>
+			<td>{{ contact.password2 }}</td>
 			<td class="text-right">
 				<div class="row">
 					<form action="{{ url_for('contacts_delete') }}" method="post" class="pull-right">
 						<input type="hidden" name="id" value="{{ contact.id }}">
-						<input type="submit" class="btn btn-danger" data-toggle="confirmation" {# data-title="¿Estas seguro?" #} value="Delete">
+						<input type="submit" class="btn btn-danger" data-toggle="confirmation" {# data-title="¿Estas seguro?" #} value="删除"">
 					</form>
-					<a class="btn btn-primary pull-right" href="{{ url_for('edit_contact', id=contact.id) }}">Edit</a>
+					<a class="btn btn-primary pull-right" href="{{ url_for('edit_contact', id=contact.id) }}">修改</a>
 				</div>
 			</td>
 		</tr>

Name	Surname	E-Mail	Phone	用户名	密码1（公开）	密码2（内部）
{{ contact.name }}	{{ contact.surname }}	{{ contact.email }}	{{ contact.phone }}	{{ contact.password }}	{{ contact.password2 }}	- + - Edit + 修改