diff --git a/add_user.php b/add_user.php
new file mode 100644
index 0000000..390373c
--- /dev/null
+++ b/add_user.php
@@ -0,0 +1,22 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
+    header('Location: index.php');
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = $_POST['username'];
+    $password = $_POST['password'];
+    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+    $pdo = db();
+    $stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
+    $stmt->execute([$username, $hashed_password]);
+
+    header('Location: admin.php');
+    exit;
+}
+?>
\ No newline at end of file
diff --git a/admin.php b/admin.php
index 7dec9fc..303fa2d 100644
--- a/admin.php
+++ b/admin.php
@@ -1,41 +1,116 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+// Check if user is logged in and is an admin
+if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
+    header('Location: index.php');
+    exit;
+}
+
+$pdo = db();
+
+// Fetch all users except the current admin
+$stmt = $pdo->prepare("SELECT * FROM users WHERE id != ?");
+$stmt->execute([$_SESSION['user_id']]);
+$users = $stmt->fetchAll();
+
+?>
 <!DOCTYPE html>
-<html lang="en">
+<html lang="tr">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Admin Panel</title>
+    <title>Admin Paneli</title>
     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
 </head>
 <body>
-    <div class="container mt-5">
-        <div class="row justify-content-center">
+    <div class="container my-5">
+        <div class="d-flex justify-content-between align-items-center mb-4">
+            <h1>Admin Paneli</h1>
+            <a href="index.php" class="btn btn-secondary">Ana Sayfaya Dön</a>
+        </div>
+
+        <div class="row">
             <div class="col-md-6">
-                <div class="card">
-                    <div class="card-header">
-                        <h3>Admin Panel</h3>
-                    </div>
+                <div class="card mb-4">
+                    <div class="card-header">Şifre Değiştir</div>
                     <div class="card-body">
-                        <h5 class="card-title">Logo Management</h5>
-                        <p class="card-text">Upload a new logo for the site. The current logo will be replaced. The file should be a PNG, JPG, or GIF.</p>
-                        <?php if (isset($_GET['success'])): ?>
-                            <div class="alert alert-success">Logo uploaded successfully!</div>
-                        <?php elseif (isset($_GET['error'])): ?>
-                            <div class="alert alert-danger">Error uploading logo: <?php echo htmlspecialchars($_GET['error']); ?></div>
-                        <?php endif; ?>
-                        <form action="upload.php" method="post" enctype="multipart/form-data">
+                        <form action="change_password.php" method="post">
                             <div class="mb-3">
-                                <label for="logoFile" class="form-label">Select image:</label>
-                                <input class="form-control" type="file" name="logoFile" id="logoFile" required>
+                                <label for="new_password" class="form-label">Yeni Şifre</label>
+                                <input type="password" name="new_password" class="form-control" required>
                             </div>
-                            <button type="submit" class="btn btn-primary">Upload Logo</button>
+                            <button type="submit" class="btn btn-primary">Şifreyi Güncelle</button>
                         </form>
                     </div>
-                    <div class="card-footer text-center">
-                        <a href="/" class="btn btn-secondary">Back to Home</a>
+                </div>
+
+                <div class="card">
+                    <div class="card-header">Logo Yükle</div>
+                    <div class="card-body">
+                        <form action="admin.php" method="post" enctype="multipart/form-data">
+                            <div class="mb-3">
+                                <label for="logo" class="form-label">Logo seçin (PNG, JPG, GIF, SVG):</label>
+                                <input class="form-control" type="file" id="logo" name="logo" accept="image/png,image/jpeg,image/gif,image/svg+xml" required>
+                            </div>
+                            <button type="submit" class="btn btn-primary">Yükle</button>
+                        </form>
+                    </div>
+                </div>
+            </div>
+
+            <div class="col-md-6">
+                <div class="card">
+                    <div class="card-header">Kullanıcı Ekle</div>
+                    <div class="card-body">
+                        <form action="add_user.php" method="post">
+                            <div class="mb-3">
+                                <label for="username" class="form-label">Kullanıcı Adı</label>
+                                <input type="text" name="username" class="form-control" required>
+                            </div>
+                            <div class="mb-3">
+                                <label for="password" class="form-label">Şifre</label>
+                                <input type="password" name="password" class="form-control" required>
+                            </div>
+                            <button type="submit" class="btn btn-primary">Kullanıcı Ekle</button>
+                        </form>
                     </div>
                 </div>
             </div>
         </div>
+
+        <div class="card mt-4">
+            <div class="card-header">Kullanıcıları Yönet</div>
+            <div class="card-body">
+                <form action="update_permissions.php" method="post">
+                    <table class="table">
+                        <thead>
+                            <tr>
+                                <th>Kullanıcı Adı</th>
+                                <th>Görüntüleme</th>
+                                <th>Ekleme</th>
+                                <th>Silme</th>
+                                <th>Düzenleme</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php foreach ($users as $user): ?>
+                                <tr>
+                                    <td><?php echo htmlspecialchars($user['username']); ?></td>
+                                    <td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_view]" <?php echo $user['can_view'] ? 'checked' : ''; ?>></td>
+                                    <td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_add]" <?php echo $user['can_add'] ? 'checked' : ''; ?>></td>
+                                    <td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_delete]" <?php echo $user['can_delete'] ? 'checked' : ''; ?>></td>
+                                    <td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_edit]" <?php echo $user['can_edit'] ? 'checked' : ''; ?>></td>
+                                </tr>
+                            <?php endforeach; ?>
+                        </tbody>
+                    </table>
+                    <button type="submit" class="btn btn-primary">Yetkileri Kaydet</button>
+                </form>
+            </div>
+        </div>
     </div>
 </body>
-</html>
+</html>
\ No newline at end of file
diff --git a/change_password.php b/change_password.php
new file mode 100644
index 0000000..ec45868
--- /dev/null
+++ b/change_password.php
@@ -0,0 +1,21 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
+    header('Location: index.php');
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $new_password = $_POST['new_password'];
+    $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
+
+    $pdo = db();
+    $stmt = $pdo->prepare("UPDATE users SET password = ? WHERE id = ?");
+    $stmt->execute([$hashed_password, $_SESSION['user_id']]);
+
+    header('Location: admin.php');
+    exit;
+}
+?>
\ No newline at end of file
diff --git a/index.php b/index.php
index aa33734..53363b2 100644
--- a/index.php
+++ b/index.php
@@ -1,57 +1,23 @@
 <?php
-// Mock data for the contact directory
-$contacts = [
-    [
-        "Cust.Code" => "C001",
-        "Ticari Unvan" => "Flatlogic Inc.",
-        "Sehir" => "New York",
-        "Ad" => "John",
-        "Soyad" => "Doe",
-        "Telefon" => "123-456-7890",
-        "E-posta" => "john.doe@example.com",
-        "Grup Adı" => "VIP",
-    ],
-    [
-        "Cust.Code" => "C002",
-        "Ticari Unvan" => "Google LLC",
-        "Sehir" => "Mountain View",
-        "Ad" => "Jane",
-        "Soyad" => "Smith",
-        "Telefon" => "987-654-3210",
-        "E-posta" => "jane.smith@example.com",
-        "Grup Adı" => "Technology",
-    ],
-    [
-        "Cust.Code" => "C003",
-        "Ticari Unvan" => "Microsoft Corp.",
-        "Sehir" => "Redmond",
-        "Ad" => "Peter",
-        "Soyad" => "Jones",
-        "Telefon" => "555-123-4567",
-        "E-posta" => "peter.jones@example.com",
-        "Grup Adı" => "Software",
-    ],
-    [
-        "Cust.Code" => "C004",
-        "Ticari Unvan" => "Apple Inc.",
-        "Sehir" => "Cupertino",
-        "Ad" => "Mary",
-        "Soyad" => "Johnson",
-        "Telefon" => "555-987-6543",
-        "E-posta" => "mary.j@example.com",
-        "Grup Adı" => "Hardware",
-    ],
-    [
-        "Cust.Code" => "C005",
-        "Ticari Unvan" => "Amazon.com, Inc.",
-        "Sehir" => "Seattle",
-        "Ad" => "David",
-        "Soyad" => "Williams",
-        "Telefon" => "555-555-5555",
-        "E-posta" => "david.w@example.com",
-        "Grup Adı" => "e-Commerce",
-    ]
-];
+session_start();
+require_once 'db/config.php';
+
+$is_logged_in = isset($_SESSION['user_id']);
+$user_permissions = [];
+$contacts = [];
+
+if ($is_logged_in) {
+    $pdo = db();
+    $stmt = $pdo->prepare("SELECT can_view, can_add, can_delete, can_edit, is_admin FROM users WHERE id = ?");
+    $stmt->execute([$_SESSION['user_id']]);
+    $user_permissions = $stmt->fetch();
+
+    if ($user_permissions['can_view']) {
+        $stmt = $pdo->query("SELECT * FROM contacts");
+        $contacts = $stmt->fetchAll();
+    }
+}
+
 ?>
 <!DOCTYPE html>
 <html lang="tr">
@@ -75,22 +41,22 @@ $contacts = [
 </head>
 <body>
 
+    <?php if ($is_logged_in && $user_permissions['can_view']): ?>
     <nav class="navbar navbar-expand-lg navbar-light bg-white sticky-top">
         <div class="container-fluid">
-            <a class="navbar-brand d-flex align-items-center" href="/">
+            <a class="navbar-brand" href="/">
                 <?php
-                $logo_path = glob('assets/images/logo.*');
-                if ($logo_path) {
-                    echo '<img src="' . $logo_path[0] . '?v=' . time() . '" alt="Logo" style="max-height: 40px; margin-right: 10px;">';
+                $logo_path = 'assets/images/logo.png';
+                if (file_exists($logo_path)) {
+                    echo '<img src="' . $logo_path . '?v=' . time() . '" alt="Logo" style="max-height: 40px; margin-right: 10px;">';
+                } else {
+                    echo '<i class="bi bi-book-half me-2"></i>';
                 }
                 ?>
-                <i class="bi bi-book-half me-2"></i>
                 rehber
             </a>
-            <div class="ms-auto">
-                <a href="/admin.php" class="btn btn-outline-secondary btn-sm">
-                    <i class="bi bi-gear-fill me-1"></i> Admin Panel
-                </a>
+            <div class="d-flex">
+                <a href="logout.php" class="btn btn-outline-secondary">Çıkış Yap</a>
             </div>
         </div>
     </nav>
@@ -99,9 +65,11 @@ $contacts = [
         <div class="d-flex justify-content-between align-items-center mb-4 flex-wrap">
             <h1 class="h2">Contact Directory</h1>
             <div class="d-flex gap-2">
+                <?php if ($user_permissions['can_add']): ?>
                 <button class="btn btn-primary">
                     <i class="bi bi-plus-circle me-2"></i>Add Record
                 </button>
+                <?php endif; ?>
                 <button class="btn btn-outline-secondary">
                     <i class="bi bi-box-arrow-up-right me-2"></i>Export
                 </button>
@@ -143,8 +111,12 @@ $contacts = [
                             <td><a href="mailto:<?php echo htmlspecialchars($contact['E-posta']); ?>"><?php echo htmlspecialchars($contact['E-posta']); ?></a></td>
                             <td><span class="badge bg-secondary bg-opacity-25 text-dark"><?php echo htmlspecialchars($contact['Grup Adı']); ?></span></td>
                             <td class="text-end">
+                                <?php if ($user_permissions['can_edit']): ?>
                                 <a href="#" class="action-icon me-2" data-bs-toggle="tooltip" title="Edit"><i class="bi bi-pencil-square"></i></a>
+                                <?php endif; ?>
+                                <?php if ($user_permissions['can_delete']): ?>
                                 <a href="#" class="action-icon" data-bs-toggle="tooltip" title="Delete"><i class="bi bi-trash"></i></a>
+                                <?php endif; ?>
                             </td>
                         </tr>
                         <?php endforeach; ?>
@@ -159,6 +131,41 @@ $contacts = [
         <small>Built with Flatlogic Generator</small>
     </footer>
 
+    <?php if ($user_permissions['is_admin']): ?>
+    <div style="position: fixed; bottom: 10px; left: 10px; z-index: 1030;">
+        <a href="admin.php" class="btn btn-outline-secondary btn-sm">
+            <i class="bi bi-gear"></i> Admin Panel
+        </a>
+    </div>
+    <?php endif; ?>
+
+    <?php else: ?>
+    <div class="container">
+        <div class="row justify-content-center align-items-center vh-100">
+            <div class="col-md-6 text-center">
+                <h1 class="mb-4">Seyidoğlu Asistan Rehber Sistemine Hoşgeldiniz</h1>
+                <div class="card">
+                    <div class="card-body">
+                        <h5 class="card-title">Giriş Yap</h5>
+                        <?php if (isset($_GET['error'])): ?>
+                            <div class="alert alert-danger">Kullanıcı adı veya şifre hatalı.</div>
+                        <?php endif; ?>
+                        <form action="login.php" method="post">
+                            <div class="mb-3">
+                                <input type="text" name="username" class="form-control" placeholder="Kullanıcı Adı" required>
+                            </div>
+                            <div class="mb-3">
+                                <input type="password" name="password" class="form-control" placeholder="Şifre" required>
+                            </div>
+                            <button type="submit" class="btn btn-primary">Giriş</button>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    <?php endif; ?>
+
     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
     <script src="assets/js/main.js"></script>
 </body>
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..6819484
--- /dev/null
+++ b/login.php
@@ -0,0 +1,25 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = $_POST['username'];
+    $password = $_POST['password'];
+
+    $pdo = db();
+    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
+    $stmt->execute([$username]);
+    $user = $stmt->fetch();
+
+    if ($user && password_verify($password, $user['password'])) {
+        $_SESSION['user_id'] = $user['id'];
+        $_SESSION['username'] = $user['username'];
+        $_SESSION['is_admin'] = $user['is_admin'];
+        header('Location: index.php');
+        exit;
+    } else {
+        header('Location: index.php?error=1');
+        exit;
+    }
+}
+?>
\ No newline at end of file
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..533ee6a
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,7 @@
+<?php
+session_start();
+session_unset();
+session_destroy();
+header('Location: index.php');
+exit;
+?>
\ No newline at end of file
diff --git a/update_permissions.php b/update_permissions.php
new file mode 100644
index 0000000..e9687c4
--- /dev/null
+++ b/update_permissions.php
@@ -0,0 +1,31 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
+    header('Location: index.php');
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $permissions = $_POST['permissions'];
+    $pdo = db();
+
+    foreach ($permissions as $user_id => $perms) {
+        $can_view = isset($perms['can_view']) ? 1 : 0;
+        $can_add = isset($perms['can_add']) ? 1 : 0;
+        $can_delete = isset($perms['can_delete']) ? 1 : 0;
+        $can_edit = isset($perms['can_edit']) ? 1 : 0;
+
+        $stmt = $pdo->prepare("
+            UPDATE users 
+            SET can_view = ?, can_add = ?, can_delete = ?, can_edit = ?
+            WHERE id = ?
+        ");
+        $stmt->execute([$can_view, $can_add, $can_delete, $can_edit, $user_id]);
+    }
+
+    header('Location: admin.php');
+    exit;
+}
+?>
\ No newline at end of file
diff --git a/upload.php b/upload.php
deleted file mode 100644
index 20a30d0..0000000
--- a/upload.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['logoFile'])) {
-    $targetDir = "assets/images/";
-    // Ensure the target directory exists
-    if (!is_dir($targetDir)) {
-        mkdir($targetDir, 0775, true);
-    }
-
-    $original_filename = $_FILES["logoFile"]["name"];
-    $imageFileType = strtolower(pathinfo($original_filename, PATHINFO_EXTENSION));
-
-    // Use a consistent name for the logo file to make it easy to reference
-    $targetFile = $targetDir . "logo." . $imageFileType;
-
-    // Check if image file is a actual image or fake image
-    $check = getimagesize($_FILES["logoFile"]["tmp_name"]);
-    if($check === false) {
-        header("Location: admin.php?error=File is not an image.");
-        exit;
-    }
-
-    // Allow certain file formats
-    $allowed_types = ["jpg", "png", "jpeg", "gif"];
-    if(!in_array($imageFileType, $allowed_types)) {
-        header("Location: admin.php?error=Sorry, only JPG, JPEG, PNG & GIF files are allowed.");
-        exit;
-    }
-
-    // Before uploading, remove any old logo files to avoid conflicts
-    $existing_logos = glob($targetDir . "logo.*_old");
-    foreach ($existing_logos as $old_logo) {
-        unlink($old_logo);
-    }
-
-    // Check if a logo already exists and rename it
-    $current_logo_path = glob($targetDir . "logo.*_old");
-    if (!empty($current_logo_path)) {
-        rename($current_logo_path[0], $targetDir . "logo." . pathinfo($current_logo_path[0], PATHINFO_EXTENSION) . "_old");
-    }
-
-    // Try to upload file
-    if (move_uploaded_file($_FILES["logoFile"]["tmp_name"], $targetFile)) {
-        header("Location: admin.php?success=1");
-        exit;
-    } else {
-        header("Location: admin.php?error=Sorry, there was an error uploading your file.");
-        exit;
-    }
-} else {
-    // Redirect back to admin page if accessed directly
-    header("Location: admin.php");
-    exit;
-}
-?>
\ No newline at end of file
