diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index f6e1a95..1bc0e20 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -8,6 +8,7 @@ class AdminController < ApplicationController
         AdminSetting.set(key, value)
       end
     end
+    flash.now[:notice] = 'Admin settings updated.'
     render 'index'
   end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ef8f363..ea6c5a2 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -9,8 +9,20 @@ class UsersController < ApplicationController
 
   def login
     if request.post?
-      # do user login logic
-      redirect_to root_url
+      if params[:username].nil? || params[:username].empty? ||
+         params[:password].nil? || params[:password].empty?
+        flash.now[:alert] = 'Both a character name and password are required.'
+        render 'login' and return
+      end
+      user = User.find_by(name: params[:username])
+      if user.nil? || !user.authenticate(params[:password])
+        flash.now[:alert] = 'Incorrect character name or password.'
+        render 'login' and return
+      end
+
+      flash.now[:alert] = 'Login successful.'
+      render 'login' and return
+      # redirect_to root_url
     end
   end
 
@@ -20,4 +32,10 @@ class UsersController < ApplicationController
       redirect_to root_url
     end
   end
+
+  def reset
+    if request.post?
+      # do user reset logic
+    end
+  end
 end
diff --git a/app/views/shared/_header.html.erb b/app/views/shared/_header.html.erb
index 11c671a..f3e8142 100644
--- a/app/views/shared/_header.html.erb
+++ b/app/views/shared/_header.html.erb
@@ -6,10 +6,13 @@
     </span>
   <% end %>
   <span id="user-links">
-    <%= link_to "Signup", controller: "users", action: "signup" %>
+    <%= link_to 'Signup', controller: 'users', action: 'signup' %>
     &bull;
-    <%= link_to "Login", controller: "users", action: "login" %>
+    <%= link_to 'Login', controller: 'users', action: 'login' %>
     &bull;
-    <%= link_to "Admin", controller: "admin", action: "index" %>
+    <%= link_to 'Admin', controller: 'admin', action: 'index' %>
   </span>
 </header>
+<% flash.each do |name, msg| %>
+  <div class="flash">FLASH: <%= name %>: <%= msg %></div>
+<% end %>
diff --git a/app/views/users/login.html.erb b/app/views/users/login.html.erb
index 89aead2..8f3b679 100644
--- a/app/views/users/login.html.erb
+++ b/app/views/users/login.html.erb
@@ -5,7 +5,17 @@
 <%= form_tag do %>
   <table>
     <tr>
+      <td><%= label_tag('username', 'Character name') %></td>
+      <td><%= text_field_tag('username') %></td>
+    </tr>
+    <tr>
+      <td><%= label_tag('password', 'Password') %></td>
+      <td><%= password_field_tag('password') %></td>
+    </tr>
+    <tr>
       <td colspan="2"><%= submit_tag('Login') %></td>
     </tr>
   </table>
 <% end %>
+
+<p><%= link_to "Forgot your password?", controller: 'users', action: 'reset' %></p>
diff --git a/app/views/users/reset.html.erb b/app/views/users/reset.html.erb
new file mode 100644
index 0000000..bc25b3d
--- /dev/null
+++ b/app/views/users/reset.html.erb
@@ -0,0 +1,15 @@
+<% provide(:title, 'Reset Password') %>
+
+<h1>Reset Password</h1>
+
+<%= form_tag do %>
+  <table>
+    <tr>
+      <td><%= label_tag('email', 'Email address') %></td>
+      <td><%= email_field_tag('email') %></td>
+    </tr>
+    <tr>
+      <td colspan="2"><%= submit_tag('Send password reset email') %></td>
+    </tr>
+  </table>
+<% end %>
diff --git a/config/routes.rb b/config/routes.rb
index a32935c..f6b49aa 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -7,6 +7,8 @@ Rails.application.routes.draw do
   post '/login'  => 'users#login'
   get  '/logout' => 'users#logout'
   post '/logout' => 'users#logout'
+  get  '/reset'  => 'users#reset'
+  post '/reset'  => 'users#reset'
 
   get  '/admin'  => 'admin#index'
   post '/admin'  => 'admin#update'