diff --git a/login.php b/login.php
new file mode 100644
index 0000000..01ac3d4
--- /dev/null
+++ b/login.php
@@ -0,0 +1,74 @@
+<?php
+ini_set('display_errors', 1);
+error_reporting(E_ALL);
+
+session_start();
+
+$dbFile = __DIR__ . '/users.sqlite';
+$redirectAfterLogin = 'sudoku.php';
+
+try {
+    $pdo = new PDO('sqlite:' . $dbFile);
+    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+} catch (Exception $e) {
+    die("DB Error: " . $e->getMessage());
+}
+
+$err = "";
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $user = trim($_POST['username'] ?? '');
+    $pass = $_POST['password'] ?? '';
+
+    if ($user === '' || $pass === '') {
+        $err = "Isi username dan password.";
+    } else {
+        $stmt = $pdo->prepare("SELECT * FROM users WHERE username = :u LIMIT 1");
+        $stmt->execute([':u' => $user]);
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if ($row && password_verify($pass, $row['password'])) {
+            session_regenerate_id(true);
+            $_SESSION['user'] = $row['username'];
+            header("Location: $redirectAfterLogin");
+            exit;
+        } else {
+            $err = "Username atau password salah.";
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="id">
+<head>
+<meta charset="UTF-8">
+<title>Login</title>
+<style>
+body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justify-content:center; align-items:center; margin:0; }
+.card { width:350px; background:white; padding:20px; border-radius:10px; box-shadow:0 6px 20px rgba(0,0,0,0.1); }
+.input { width:100%; padding:10px; margin:8px 0; border:1px solid #ccc; border-radius:8px; }
+.btn { width:100%; padding:12px; background:#1e90ff; color:white; border:none; border-radius:8px; cursor:pointer; }
+.err { color:#d00000; margin-bottom:10px; text-align:center; }
+.link { text-align:center; margin-top:10px; }
+</style>
+</head>
+<body>
+<div class="card">
+    <h2>Login</h2>
+
+    <?php if ($err): ?>
+        <div class="err"><?= htmlspecialchars($err) ?></div>
+    <?php endif; ?>
+
+    <form method="post">
+        <input class="input" type="text" name="username" placeholder="Username">
+        <input class="input" type="password" name="password" placeholder="Password">
+        <button class="btn" type="submit">Masuk</button>
+    </form>
+
+    <div class="link">
+        Belum punya akun? <a href="register.php">Daftar</a>
+    </div>
+</div>
+</body>
+</html>
diff --git a/register.php b/register.php
new file mode 100644
index 0000000..a98c3e5
--- /dev/null
+++ b/register.php
@@ -0,0 +1,96 @@
+<?php
+ini_set('display_errors', 1);
+error_reporting(E_ALL);
+
+session_start();
+
+$dbFile = __DIR__ . '/users.sqlite';
+
+try {
+    $pdo = new PDO('sqlite:' . $dbFile);
+    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+    // create table if not exists
+    $pdo->exec("
+        CREATE TABLE IF NOT EXISTS users (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            username TEXT UNIQUE NOT NULL,
+            password TEXT NOT NULL,
+            created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+        )
+    ");
+
+} catch (Exception $e) {
+    die("DB Error: " . $e->getMessage());
+}
+
+$err = "";
+$ok = "";
+
+// Regex password: minimal 6, huruf + angka
+function password_valid($p) {
+    return preg_match('/^(?=.*[A-Za-z])(?=.*\d).{6,}$/', $p);
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $user = trim($_POST['username'] ?? '');
+    $pass = $_POST['password'] ?? '';
+    $pass2 = $_POST['password_confirm'] ?? '';
+
+    if ($user === '' || $pass === '' || $pass2 === '') {
+        $err = "Semua field harus diisi.";
+    } elseif ($pass !== $pass2) {
+        $err = "Konfirmasi password tidak cocok.";
+    } elseif (!password_valid($pass)) {
+        $err = "Password minimal 6 karakter, harus mengandung huruf & angka.";
+    } else {
+        try {
+            $hash = password_hash($pass, PASSWORD_DEFAULT);
+            $stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (:u, :p)");
+            $stmt->execute([':u' => $user, ':p' => $hash]);
+            $ok = "Registrasi berhasil, silakan login.";
+        } catch (PDOException $e) {
+            if ($e->getCode() == "23000") {
+                $err = "Username sudah digunakan.";
+            } else {
+                $err = "Error: " . $e->getMessage();
+            }
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="id">
+<head>
+<meta charset="UTF-8">
+<title>Register</title>
+<style>
+body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justify-content:center; align-items:center; margin:0; }
+.card { width:350px; background:white; padding:20px; border-radius:10px; box-shadow:0 6px 20px rgba(0,0,0,0.1); }
+.input { width:100%; padding:10px; margin:8px 0; border:1px solid #ccc; border-radius:8px; }
+.btn { width:100%; padding:12px; background:#28a745; color:white; border:none; border-radius:8px; cursor:pointer; }
+.err { color:#d00000; margin-bottom:10px; text-align:center; }
+.ok { color:green; margin-bottom:10px; text-align:center; }
+.link { text-align:center; margin-top:10px; }
+</style>
+</head>
+<body>
+<div class="card">
+    <h2>Register</h2>
+
+    <?php if ($err): ?><div class="err"><?= htmlspecialchars($err) ?></div><?php endif; ?>
+    <?php if ($ok): ?><div class="ok"><?= htmlspecialchars($ok) ?></div><?php endif; ?>
+
+    <form method="post">
+        <input class="input" type="text" name="username" placeholder="Masukkan Username">
+        <input class="input" type="password" name="password" placeholder="Masukkan Password">
+        <input class="input" type="password" name="password_confirm" placeholder="Konfirmasi Password">
+        <button class="btn" type="submit">Daftar</button>
+    </form>
+
+    <div class="link">
+        Sudah punya akun? <a href="login.php">Login</a>
+    </div>
+</div>
+</body>
+</html>