diff --git a/config.php-dist b/config.php-dist
index eeb1961bc..8e34e7b2c 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -13,5 +13,8 @@
 	
 	define(WEB_DEMO_MODE, false);
 
+
+	define(USE_HTTP_AUTH, false);
+	// use HTTP Basic authentication
 ?>
 
diff --git a/functions.php b/functions.php
index fc9818021..67575cbb2 100644
--- a/functions.php
+++ b/functions.php
@@ -515,8 +515,26 @@
 		db_query($link, "COMMIT");
 
 	}
+	
+	function authenticate_user($link, $login, $password) {
 
-	function authenticate_user($link) {
+		$pwd_hash = 'SHA1:' . sha1($password);
+
+		$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
+			login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+
+		if (db_num_rows($result) == 1) {
+			$_SESSION["uid"] = db_fetch_result($result, 0, "id");
+			$_SESSION["name"] = db_fetch_result($result, 0, "login");
+
+			return true;
+		}
+
+		return false;
+
+	}
+
+	function http_authenticate_user($link) {
 
 		if (!$_SERVER['PHP_AUTH_USER']) {
 
@@ -529,16 +547,9 @@
 
 			$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 			$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
-			$pwd_hash = 'SHA1:' . sha1($password);
 
-			$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
-				login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
-
-			if (db_num_rows($result) == 1) {
-				$_SESSION["uid"] = db_fetch_result($result, 0, "id");
-				$_SESSION["name"] = db_fetch_result($result, 0, "login");
-			}			
-		}
+			return authenticate_user($link, $login, $password);
+		}		
 	}
 
 ?>
diff --git a/login.php b/login.php
index 10875ce87..86694667a 100644
--- a/login.php
+++ b/login.php
@@ -3,9 +3,18 @@
 
 	require_once "version.php"; 
 	require_once "config.php";
+	require_once "functions.php";
 
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
+
+	$login = $_POST["login"];
+	$password = $_POST["password"];
+
+	if ($login && $password) {
+		if (authenticate_user($link, $login, $password)) {
+			header("Location: tt-rss.php");
+		}
+	}
 
 ?>
 <html>
@@ -20,6 +29,8 @@
 
 <body>
 
+<form action="login.php" method="POST">
+
 <table width='100%' height='100%' class="loginForm">
 
 	<tr><td align='center' valign='middle'>
@@ -34,9 +45,17 @@
 		<td><input name="login"></td></tr>
 	<tr><td align="right">Password:</td>
 		<td><input type="password" name="password"></td></tr>
+
+	<tr><td colspan="2" align="center">
+		<input type="submit" class="button" value="Login">
+	</td></tr>
 	
 	</table></td></tr>
 </table>
 
+</form>
+
+<? db_close($link); ?>
+
 </body>
 </html>
diff --git a/prefs.php b/prefs.php
index 73081c7ca..837cf584f 100644
--- a/prefs.php
+++ b/prefs.php
@@ -8,8 +8,14 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
-//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-//	$_SESSION["name"] = PLACEHOLDER_NAME;
+	if (!USE_HTTP_AUTH) {
+		if (!$_SESSION["uid"]) {
+			header("Location: login.php");
+			exit;
+		}
+	} else {
+		authenticate_user($link);
+	}
 
 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation
diff --git a/tt-rss.php b/tt-rss.php
index 7b6b11b48..9348944f6 100644
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -8,10 +8,14 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
-	authenticate_user($link);
-
-//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-//	$_SESSION["name"] = PLACEHOLDER_NAME;
+	if (!USE_HTTP_AUTH) {
+		if (!$_SESSION["uid"]) {
+			header("Location: login.php");
+			exit;
+		}
+	} else {
+		authenticate_user($link);
+	}
 
 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation