diff --git a/db.sqlite3 b/db.sqlite3
index 7eb0d1e..fc6f722 100644
Binary files a/db.sqlite3 and b/db.sqlite3 differ
diff --git a/main/migrations/0002_product_user.py b/main/migrations/0002_product_user.py
new file mode 100644
index 0000000..eab9bf7
--- /dev/null
+++ b/main/migrations/0002_product_user.py
@@ -0,0 +1,22 @@
+# Generated by Django 4.2.4 on 2023-09-20 07:13
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('main', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='product',
+            name='user',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+            preserve_default=False,
+        ),
+    ]
diff --git a/main/models.py b/main/models.py
index 5f1f117..45b6da8 100644
--- a/main/models.py
+++ b/main/models.py
@@ -1,6 +1,8 @@
 from django.db import models
+from django.contrib.auth.models import User
 
 class Product(models.Model):
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
     name = models.CharField(max_length=255)
     date_added = models.DateField(auto_now_add=True)
     price = models.IntegerField()
diff --git a/main/templates/login.html b/main/templates/login.html
new file mode 100644
index 0000000..ce64cd6
--- /dev/null
+++ b/main/templates/login.html
@@ -0,0 +1,45 @@
+{% extends 'base.html' %}
+
+{% block meta %}
+    <title>Login</title>
+{% endblock meta %}
+
+{% block content %}
+
+<div class = "login">
+
+    <h1>Login</h1>
+
+    <form method="POST" action="">
+        {% csrf_token %}
+        <table>
+            <tr>
+                <td>Username: </td>
+                <td><input type="text" name="username" placeholder="Username" class="form-control"></td>
+            </tr>
+                    
+            <tr>
+                <td>Password: </td>
+                <td><input type="password" name="password" placeholder="Password" class="form-control"></td>
+            </tr>
+
+            <tr>
+                <td></td>
+                <td><input class="btn login_btn" type="submit" value="Login"></td>
+            </tr>
+        </table>
+    </form>
+
+    {% if messages %}
+        <ul>
+            {% for message in messages %}
+                <li>{{ message }}</li>
+            {% endfor %}
+        </ul>
+    {% endif %}     
+        
+    Don't have an account yet? <a href="{% url 'main:register' %}">Register Now</a>
+
+</div>
+
+{% endblock content %}
\ No newline at end of file
diff --git a/main/templates/main.html b/main/templates/main.html
index c9ab67d..cb660de 100644
--- a/main/templates/main.html
+++ b/main/templates/main.html
@@ -31,10 +31,18 @@ <h5>Class:</h5>
 
 <br />
 
+<h5>Sesi terakhir login: {{ last_login }}</h5>
+
 <a href="{% url 'main:create_product' %}">
     <button>
         Add New Product
     </button>
 </a>
 
+<a href="{% url 'main:logout' %}">
+    <button>
+        Logout
+    </button>
+</a>
+
 {% endblock content %}
\ No newline at end of file
diff --git a/main/templates/register.html b/main/templates/register.html
new file mode 100644
index 0000000..9bed1d0
--- /dev/null
+++ b/main/templates/register.html
@@ -0,0 +1,34 @@
+{% extends 'base.html' %}
+
+{% block meta %}
+    <title>Register</title>
+{% endblock meta %}
+
+{% block content %}  
+
+<div class = "login">
+    
+    <h1>Register</h1>  
+
+        <form method="POST" >  
+            {% csrf_token %}  
+            <table>  
+                {{ form.as_table }}  
+                <tr>  
+                    <td></td>
+                    <td><input type="submit" name="submit" value="Daftar"/></td>  
+                </tr>  
+            </table>  
+        </form>
+
+    {% if messages %}  
+        <ul>   
+            {% for message in messages %}  
+                <li>{{ message }}</li>  
+                {% endfor %}  
+        </ul>   
+    {% endif %}
+
+</div>  
+
+{% endblock content %}
\ No newline at end of file
diff --git a/main/urls.py b/main/urls.py
index 171820e..d831b0a 100644
--- a/main/urls.py
+++ b/main/urls.py
@@ -1,9 +1,12 @@
 from django.urls import path
-from main.views import show_main, create_product, show_xml, show_json, show_xml_by_id, show_json_by_id 
+from main.views import show_main, create_product, show_xml, show_json, show_xml_by_id, show_json_by_id, register, login_user, logout_user 
 
 app_name = 'main'
 
 urlpatterns = [
+    path('register/', register, name='register'),
+    path('login/', login_user, name='login'),
+    path('logout/', logout_user, name='logout'),
     path('create-product', create_product, name='create_product'),
     path('xml/', show_xml, name='show_xml'), 
     path('json/', show_json, name='show_json'), 
diff --git a/main/views.py b/main/views.py
index f353559..85da0f2 100644
--- a/main/views.py
+++ b/main/views.py
@@ -1,3 +1,4 @@
+import datetime
 from django.shortcuts import render
 from django.http import HttpResponseRedirect
 from main.forms import ProductForm
@@ -5,15 +6,22 @@
 from main.models import Product
 from django.http import HttpResponse
 from django.core import serializers
+from django.shortcuts import redirect
+from django.contrib.auth.forms import UserCreationForm
+from django.contrib import messages  
+from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth.decorators import login_required
 
 # Create your views here.
+@login_required(login_url='/login')
 def show_main(request):
-    products = Product.objects.all()
+    products = Product.objects.filter(user=request.user)
     
     context = {
-        'name': 'Daffa Mohamad Fathoni',
+        'name': request.user.username,
         'class': 'PBP E',
-        'products': products
+        'products': products,
+        'last_login': request.COOKIES['last_login']
     }
     return render(request, "main.html", context)
 
@@ -21,12 +29,47 @@ def create_product(request):
     form = ProductForm(request.POST or None)
 
     if form.is_valid() and request.method == "POST":
-        form.save()
+        product = form.save(commit=False)
+        product.user = request.user
+        product.save()
         return HttpResponseRedirect(reverse('main:show_main'))
 
     context = {'form': form}
     return render(request, "create_product.html", context)
 
+def register(request):
+    form = UserCreationForm()
+
+    if request.method == "POST":
+        form = UserCreationForm(request.POST)
+        if form.is_valid():
+            form.save()
+            messages.success(request, 'Your account has been successfully created!')
+            return redirect('main:login')
+    context = {'form':form}
+    return render(request, 'register.html', context)
+
+def login_user(request):
+    if request.method == 'POST':
+        username = request.POST.get('username')
+        password = request.POST.get('password')
+        user = authenticate(request, username=username, password=password)
+        if user is not None:
+            login(request, user)
+            response = HttpResponseRedirect(reverse("main:show_main")) 
+            response.set_cookie('last_login', str(datetime.datetime.now()))
+            return response
+        else:
+            messages.info(request, 'Sorry, incorrect username or password. Please try again.')
+    context = {}
+    return render(request, 'login.html', context)
+
+def logout_user(request):
+    logout(request)
+    response = HttpResponseRedirect(reverse('main:login'))
+    response.delete_cookie('last_login')
+    return response
+
 def show_xml(request):
     data = Product.objects.all()
     return HttpResponse(serializers.serialize("xml", data), content_type="application/xml")
diff --git a/shopping_list/__pycache__/settings.cpython-311.pyc b/shopping_list/__pycache__/settings.cpython-311.pyc
index 7eefb50..a04bd29 100644
Binary files a/shopping_list/__pycache__/settings.cpython-311.pyc and b/shopping_list/__pycache__/settings.cpython-311.pyc differ