diff --git a/html.php b/html.php
index 3f6a983..1c27870 100644
--- a/html.php
+++ b/html.php
@@ -1,3 +1,11 @@
+<?php
+session_start();
+// If not logged in, redirect to login
+if (!isset($_SESSION['username'])) {
+    header('Location: loginn.php');
+    exit;
+}
+?>
 <!doctype html>
 <html lang="id">
 <head>
@@ -12,8 +20,13 @@
     <header>
       <h1> Blackjack [21] </h1>
       <div class="controls">
+        <div style="display:flex;gap:12px;align-items:center;margin-bottom:8px;">
+          <div>Signed in as: <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong></div>
+          <a href="topup.php" style="text-decoration:none;padding:6px 10px;background:#3b82f6;color:#fff;border-radius:6px;">Top Up</a>
+          <a href="logout.php" style="text-decoration:none;padding:6px 10px;background:#ef4444;color:#fff;border-radius:6px;">Logout</a>
+        </div>
         <div class="info">
-          <div class="chip">Bank: <span id="balance">1000</span></div>
+          <div class="chip">Bank: <span id="balance"><?php echo isset($_SESSION['balance']) ? (int)$_SESSION['balance'] : 0; ?></span></div>
           <div class="chip">Taruhan: <span id="current-bet">0</span></div>
         </div>
         <div class="bet">
diff --git a/koneksi.php b/koneksi.php
index f1df661..7f94225 100644
--- a/koneksi.php
+++ b/koneksi.php
@@ -9,4 +9,10 @@ $conn = mysqli_connect($host, $user, $pass, $db);
 if (!$conn) {
     die("Connection failed: " . mysqli_connect_error());
 }
+// Ensure 'balance' column exists in 'users' table. If not, add it with default 0.
+$check = mysqli_query($conn, "SHOW COLUMNS FROM users LIKE 'balance'");
+if ($check && mysqli_num_rows($check) == 0) {
+    // Attempt to add the column; ignore errors if table doesn't exist yet.
+    @mysqli_query($conn, "ALTER TABLE users ADD COLUMN balance INT NOT NULL DEFAULT 0");
+}
 ?>
diff --git a/loginn.php b/loginn.php
index 89fcf85..f0ff8c6 100644
--- a/loginn.php
+++ b/loginn.php
@@ -9,7 +9,12 @@ if(isset($_POST['login'])){
     $result = mysqli_query($conn, $sql);
 
     if (mysqli_num_rows($result) > 0) {
-        header("Location: html.php" );
+        $user = mysqli_fetch_assoc($result);
+        session_start();
+        $_SESSION['username'] = $user['username'];
+        // ensure balance key exists
+        $_SESSION['balance'] = isset($user['balance']) ? (int)$user['balance'] : 0;
+        header("Location: html.php");
         exit;
     } else {
         $error = 'Invalid username or password.';
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..3f7b77d
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,7 @@
+<?php
+session_start();
+session_unset();
+session_destroy();
+header('Location: loginn.php');
+exit;
+?>
diff --git a/register.php b/register.php
index 1bc8bcd..6831756 100644
--- a/register.php
+++ b/register.php
@@ -7,7 +7,12 @@ if (isset($_POST['register'])) {
     $username = $_POST['username'];
     $password = $_POST['password'];
 
-    $SQL = "INSERT INTO users (username, password) VALUES ('$username', '$password')";
+    // basic escaping to avoid simple injection (keep consistent with existing style)
+    $username = mysqli_real_escape_string($conn, $username);
+    $password = mysqli_real_escape_string($conn, $password);
+
+    // insert with initial balance = 0
+    $SQL = "INSERT INTO users (username, password, balance) VALUES ('$username', '$password', 0)";
     $result = mysqli_query($conn, $SQL);
 
     if ($result) {
diff --git a/topup.php b/topup.php
new file mode 100644
index 0000000..8ce1c69
--- /dev/null
+++ b/topup.php
@@ -0,0 +1,66 @@
+<?php
+include 'koneksi.php';
+session_start();
+
+if (!isset($_SESSION['username'])) {
+    header('Location: loginn.php');
+    exit;
+}
+
+$message = '';
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $amount = isset($_POST['amount']) ? (int)$_POST['amount'] : 0;
+    if ($amount <= 0) {
+        $message = 'Masukkan jumlah top up yang valid (lebih dari 0).';
+    } else {
+        $username = mysqli_real_escape_string($conn, $_SESSION['username']);
+        // Update balance in DB
+        $update = mysqli_query($conn, "UPDATE users SET balance = balance + $amount WHERE username = '$username'");
+        if ($update) {
+            // Fetch new balance
+            $res = mysqli_query($conn, "SELECT balance FROM users WHERE username = '$username'");
+            if ($res && mysqli_num_rows($res) > 0) {
+                $row = mysqli_fetch_assoc($res);
+                $_SESSION['balance'] = (int)$row['balance'];
+                $message = 'Top up berhasil. Saldo sekarang: ' . $_SESSION['balance'];
+            } else {
+                $message = 'Top up berhasil, tetapi gagal mengambil saldo terbaru.';
+            }
+        } else {
+            $message = 'Gagal memproses top up. Coba lagi.';
+        }
+    }
+}
+?>
+
+<!doctype html>
+<html lang="id">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width,initial-scale=1" />
+  <title>Top Up - OCA GameHub</title>
+  <link rel="stylesheet" href="login.css" />
+</head>
+<body>
+  <div class="container">
+    <h2>Top Up Saldo</h2>
+    <p>Pengguna: <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong></p>
+    <p>Saldo saat ini: <strong><?php echo isset($_SESSION['balance']) ? (int)$_SESSION['balance'] : 0; ?></strong></p>
+
+    <?php if ($message): ?>
+      <div class="success-message show"><?php echo htmlspecialchars($message); ?></div>
+    <?php endif; ?>
+
+    <form method="POST" action="topup.php">
+      <div class="form-group">
+        <label for="amount">Jumlah Top Up (angka):</label>
+        <input id="amount" name="amount" type="number" min="1" required />
+      </div>
+      <div class="button-group">
+        <button type="submit" class="btn btn-register">Top Up</button>
+        <a href="html.php" class="btn btn-signin">Kembali</a>
+      </div>
+    </form>
+  </div>
+</body>
+</html>
diff --git a/users.sql b/users.sql
new file mode 100644
index 0000000..f264ffd
--- /dev/null
+++ b/users.sql
@@ -0,0 +1,70 @@
+-- phpMyAdmin SQL Dump
+-- version 5.2.1
+-- https://www.phpmyadmin.net/
+--
+-- Host: 127.0.0.1
+-- Generation Time: Dec 01, 2025 at 04:50 AM
+-- Server version: 10.4.32-MariaDB
+-- PHP Version: 8.0.30
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `login`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE `users` (
+  `id` int(11) NOT NULL,
+  `username` varchar(50) DEFAULT NULL,
+  `password` varchar(255) DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+--
+-- Dumping data for table `users`
+--
+
+INSERT INTO `users` (`id`, `username`, `password`) VALUES
+(1, '', ''),
+(15, 'Alex', '123'),
+(16, 'Ody', '123'),
+(17, 'cliff', '123');
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `users`
+--
+ALTER TABLE `users`
+  ADD PRIMARY KEY (`id`),
+  ADD UNIQUE KEY `username` (`username`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `users`
+--
+ALTER TABLE `users`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=23;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
