diff --git a/App/Controllers/Home.php b/App/Controllers/Home.php index 8199250..19d288d 100644 --- a/App/Controllers/Home.php +++ b/App/Controllers/Home.php @@ -2,9 +2,18 @@ namespace App\Controllers; use Core\View; +use App\Models\Access; +use Core\Token; +use Core\Session; +use Core\Redirect; class Home { + private $access; + public function __construct() + { + $this->access = new Access(); + } public function index() { // echo "This is index of home"; // Nanti di replace sama twig view ke App\Views\Data\pengumuman.html @@ -16,7 +25,20 @@ class Home public function login() { // echo "You have to login"; // Nanti di replace sama twig view ke App\Views\Access\login.html - View::render('Access/login.html'); + View::render('Access/login.html', [ + 'token' => Token::generate() + ]); return true; } + + public function put($args = []) + { + if ($this->access->login($args)) { + $table = 'user'; + $id = Session::get('userid'); + if ($this->access->update($table, ['status' => 1], $id)) { + Redirect::to('/'); + } + } + } } diff --git a/App/Models/Access.php b/App/Models/Access.php index 3e959ac..20f0bde 100644 --- a/App/Models/Access.php +++ b/App/Models/Access.php @@ -11,8 +11,10 @@ class Access extends \Core\Model 'id int(3) NOT NULL AUTO_INCREMENT', 'username varchar(25) NOT NULL', 'password char(13)', + 'salt char(23)', 'name varchar(50)', 'registered_at timestamp DEFAULT CURRENT_TIMESTAMP', + 'status tinyint DEFAULT 1', 'PRIMARY KEY (id)' ] ); @@ -46,7 +48,7 @@ class Access extends \Core\Model if ($query->execute([$id])) { if ($query->rowCount() === 1) { - $result = $query->fetchAll(\PDO::FETCH_ASSOC); + $result = $query->fetch(\PDO::FETCH_ASSOC); return $result; } } 
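Review bot: In App/Controllers/Home.php, the new `put()` passes `$args` straight to `$this->access->login($args)` without checking the token that `login()` now hands to the view as `'token' => Token::generate()`. As far as this hunk shows, the anti-forgery token is issued but never verified. The first statement of `put()` should validate the submitted token with whatever check Core\Token provides (not visible in this diff) and stop on a mismatch. `put()` also has no failure path: when `login()` or `update()` returns false, the method falls through with no redirect or message. I would add an `else` branch that sends the user back to the login form with a generic error.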
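Review bot: In App/Models/Access.php (hunk `@@ -11,8 +11,10 @@`), the added `'salt char(23)'` sits next to the existing `'password char(13)'`, and a 13-character column cannot hold the output of `password_hash()` (60 characters for bcrypt; the PHP manual suggests 255 to leave room for future algorithms). Core/Hash.php is cut off in this view, so this is inferred, but the column widths suggest a hand-rolled salted hash rather than `password_hash()`/`password_verify()`. Those functions generate and embed the salt themselves, which makes a separate salt column unnecessary. I would change the column to `'password varchar(255) NOT NULL'` and drop `salt` if Hash can be moved to the built-in functions.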
@@ -55,4 +57,46 @@ class Access extends \Core\Model echo $e->getMessage(); } } + + public function login($args = []) + { + try { + $username = $args['username']; + $password = $args['password']; + + $db = static::connectDB(); + + $sql = "SELECT id, password, salt FROM user WHERE username = ?"; + + $query = $db->prepare($sql); + $query->bindValue(1, $username); + + if ($query->execute()) { + if ($query->rowCount() === 1) { + $result = $query->fetch(\PDO::FETCH_ASSOC); + + $id = $result['id']; + $salt = $result['salt']; + $hash = $result['password']; + + if (\Core\Hash::compare($password, $salt, $hash)) { + $user = $this->showSingle($id); + + \Core\Session::put('userid', $user['id']); + \Core\Session::put('username', $user['username']); + \Core\Session::put('name', $user['name']); + + $user_now = $user['username']; + + \Core\Session::flash('info', "$user_now logged in"); + + return true; + } + } + } + return false; + } catch (PDOException $e) { + echo $e->getMessage(); + } + } } diff --git a/App/Views/Access/login.html b/App/Views/Access/login.html index 536f496..9107b67 100644 --- a/App/Views/Access/login.html +++ b/App/Views/Access/login.html @@ -17,14 +17,16 @@ - + - +
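Review bot: In the new `login()` in App/Models/Access.php, `catch (PDOException $e)` is unqualified, while the rest of the class writes `\PDO::FETCH_ASSOC` and `\Core\Hash`. Unless the file imports it (the top of the file is outside this hunk), the name resolves inside the model's namespace and the block never catches a database error; write `catch (\PDOException $e)`. The handler then echoes `$e->getMessage()` into the response, which can disclose SQL and connection details to an unauthenticated visitor; log it server-side and `return false;` so callers always get a boolean. `$args['username']` and `$args['password']` are also read without an existence check, so a request missing either field raises a warning before the query runs. After a successful `\Core\Hash::compare()`, the session ID should be regenerated before the `Session::put()` calls, e.g. `session_regenerate_id(true);`, to prevent session fixation, assuming Core\Session does not already do this.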
+ + -> Alternative route diff --git a/Core/Hash.php b/Core/Hash.php new file mode 100644 index 0000000..4581910 --- /dev/null +++ b/Core/Hash.php @@ -0,0 +1,30 @@ +