diff --git a/add_patient.php b/add_patient.php
index a20e19c..3ac642e 100644
--- a/add_patient.php
+++ b/add_patient.php
@@ -1,8 +1,16 @@
 <?php
+session_start();
 require_once 'db/config.php';
 
 header('Content-Type: application/json');
 
+// Proteger el endpoint
+if (!isset($_SESSION['user_id'])) {
+    http_response_code(401);
+    echo json_encode(['success' => false, 'message' => 'Unauthorized']);
+    exit;
+}
+
 $response = ['success' => false, 'message' => 'An error occurred.'];
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
diff --git a/auth.php b/auth.php
new file mode 100644
index 0000000..1f2430d
--- /dev/null
+++ b/auth.php
@@ -0,0 +1,54 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    header('Location: login.php');
+    exit;
+}
+
+$username = $_POST['username'] ?? '';
+$password = $_POST['password'] ?? '';
+
+if (empty($username) || empty($password)) {
+    $_SESSION['error'] = 'Por favor, complete todos los campos.';
+    header('Location: login.php');
+    exit;
+}
+
+try {
+    $pdo = db();
+    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
+    $stmt->bindParam(':username', $username);
+    $stmt->execute();
+    $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($user && password_verify($password, $user['password'])) {
+        // Regenerate session ID to prevent session fixation
+        session_regenerate_id(true);
+
+        // Store user data in session
+        $_SESSION['user_id'] = $user['id'];
+        $_SESSION['username'] = $user['username'];
+        $_SESSION['role'] = $user['role'];
+
+        // Redirect based on role
+        if ($user['role'] === 'admin') {
+            header('Location: dashboard.php');
+        } else {
+            // Redirect to a general user page or index if not admin
+            header('Location: index.php');
+        }
+        exit;
+    } else {
+        $_SESSION['error'] = 'Usuario o contraseña incorrectos.';
+        header('Location: login.php');
+        exit;
+    }
+} catch (PDOException $e) {
+    // In a real app, log this error instead of showing it to the user
+    $_SESSION['error'] = 'Error de base de datos. Intente de nuevo más tarde.';
+    // error_log($e->getMessage());
+    header('Location: login.php');
+    exit;
+}
diff --git a/dashboard.php b/dashboard.php
new file mode 100644
index 0000000..929d9ce
--- /dev/null
+++ b/dashboard.php
@@ -0,0 +1,43 @@
+<?php
+session_start();
+
+// Proteger la página
+if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'admin') {
+    $_SESSION['error'] = "Acceso denegado. Por favor, inicie sesión como administrador.";
+    header('Location: login.php');
+    exit;
+}
+
+$username = $_SESSION['username'] ?? 'Admin';
+?>
+<!DOCTYPE html>
+<html lang="es">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Dashboard - CDT Health Care</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css">
+</head>
+<body>
+    <nav class="navbar navbar-expand-lg navbar-light bg-white shadow-sm">
+        <div class="container">
+            <a class="navbar-brand" href="#">CDT Health Care</a>
+            <ul class="navbar-nav ms-auto">
+                <li class="nav-item">
+                    <a class="nav-link" href="logout.php">Cerrar Sesión</a>
+                </li>
+            </ul>
+        </div>
+    </nav>
+
+    <main class="container mt-5">
+        <div class="p-5 mb-4 bg-white rounded-3">
+            <div class="container-fluid py-5">
+                <h1 class="display-5 fw-bold">Bienvenido, <?= htmlspecialchars($username) ?></h1>
+                <p class="col-md-8 fs-4">Este es el panel de administración. Desde aquí podrás gestionar usuarios, ver reportes y configurar el sistema.</p>
+            </div>
+        </div>
+    </main>
+</body>
+</html>
diff --git a/index.php b/index.php
index 840cc8e..28f6f69 100644
--- a/index.php
+++ b/index.php
@@ -1,13 +1,23 @@
+<?php
+session_start();
+
+// Proteger la página
+if (!isset($_SESSION['user_id'])) {
+    header('Location: login.php');
+    exit;
+}
+$username = $_SESSION['username'] ?? 'Usuario';
+?>
 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>SdC - Patient Transfer</title>
-    <meta name="description" content="Built with Flatlogic Generator">
-    <meta name="keywords" content="patient transfer, ambulance, hospital, emergency, medical, Built with Flatlogic Generator">
-    <meta property="og:title" content="SdC - Patient Transfer">
-    <meta property="og:description" content="Built with Flatlogic Generator">
+    <title>CDT Health Care - Patient Transfer</title>
+    <meta name="description" content="Built with CDT Health Care">
+    <meta name="keywords" content="patient transfer, ambulance, hospital, emergency, medical, Built with CDT Health Care">
+    <meta property="og:title" content="CDT Health Care - Patient Transfer">
+    <meta property="og:description" content="Built with CDT Health Care">
     <meta property="og:image" content="">
     <meta name="twitter:card" content="summary_large_image">
     <meta name="twitter:image" content="">
@@ -15,6 +25,25 @@
     <link rel="stylesheet" href="assets/css/custom.css">
 </head>
 <body>
+    <nav class="navbar navbar-expand-lg navbar-light bg-light shadow-sm">
+        <div class="container">
+            <a class="navbar-brand" href="index.php">CDT Health Care</a>
+            <ul class="navbar-nav ms-auto">
+                <li class="nav-item dropdown">
+                    <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false">
+                        <?= htmlspecialchars($username) ?>
+                    </a>
+                    <ul class="dropdown-menu" aria-labelledby="navbarDropdown">
+                        <?php if ($_SESSION['role'] === 'admin'): ?>
+                            <li><a class="dropdown-item" href="dashboard.php">Admin Dashboard</a></li>
+                            <li><hr class="dropdown-divider"></li>
+                        <?php endif; ?>
+                        <li><a class="dropdown-item" href="logout.php">Cerrar Sesión</a></li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
+    </nav>
     <header class="bg-primary text-white text-center py-3">
         <h1>Patient Transfer Request</h1>
     </header>
@@ -65,6 +94,7 @@
             </div>
         </div>
     </main>
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
     <script src="assets/js/main.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..c462e81
--- /dev/null
+++ b/login.php
@@ -0,0 +1,42 @@
+<?php
+session_start();
+$error = $_SESSION['error'] ?? null;
+unset($_SESSION['error']);
+?>
+<!DOCTYPE html>
+<html lang="es">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login - CDT Health Care</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css">
+</head>
+<body>
+    <div class="container vh-100 d-flex justify-content-center align-items-center">
+        <div class="card shadow" style="width: 24rem;">
+            <div class="card-body p-5">
+                <h3 class="card-title text-center mb-4">Iniciar Sesión</h3>
+                <?php if ($error): ?>
+                    <div class="alert alert-danger" role="alert">
+                        <?= htmlspecialchars($error) ?>
+                    </div>
+                <?php endif; ?>
+                <form action="auth.php" method="POST">
+                    <div class="mb-3">
+                        <label for="username" class="form-label">Usuario</label>
+                        <input type="text" class="form-control" id="username" name="username" required>
+                    </div>
+                    <div class="mb-4">
+                        <label for="password" class="form-label">Contraseña</label>
+                        <input type="password" class="form-control" id="password" name="password" required>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-primary">Ingresar</button>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</body>
+</html>
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..c2d0fec
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,12 @@
+<?php
+session_start();
+
+// Unset all of the session variables
+$_SESSION = array();
+
+// Destroy the session
+session_destroy();
+
+// Redirect to login page
+header("Location: login.php");
+exit;