diff --git a/index.php b/index.php
index baa46a5..94f8a65 100644
--- a/index.php
+++ b/index.php
@@ -1,3 +1,4 @@
+<?php session_start(); ?>
 <!DOCTYPE html>
 <html lang="fa" dir="rtl">
 <head>
@@ -35,13 +36,17 @@
                 </a>
 
                 <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
-                    <li><a href="#" class="nav-link px-2 link-secondary">خانه</a></li>
+                    <li><a href="index.php" class="nav-link px-2 link-secondary">خانه</a></li>
+                    <li><a href="roles.php" class="nav-link px-2 link-dark">مدیریت نقش‌ها</a></li>
+                    <li><a href="users.php" class="nav-link px-2 link-dark">مدیریت کاربران</a></li>
                 </ul>
 
                 <div class="text-end">
-                    <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#loginModal">
-                        ورود
-                    </button>
+                    <?php if (isset($_SESSION['user_id'])): ?>
+                        <a href="logout.php" class="btn btn-outline-primary">خروج</a>
+                    <?php else: ?>
+                        <a href="login.php" class="btn btn-primary">ورود</a>
+                    <?php endif; ?>
                 </div>
             </div>
         </div>
@@ -92,31 +97,6 @@
         </div>
     </footer>
 
-    <!-- Login Modal -->
-    <div class="modal fade" id="loginModal" tabindex="-1" aria-labelledby="loginModalLabel" aria-hidden="true">
-        <div class="modal-dialog modal-dialog-centered">
-            <div class="modal-content">
-                <div class="modal-header">
-                    <h5 class="modal-title" id="loginModalLabel">ورود به سیستم</h5>
-                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
-                </div>
-                <div class="modal-body">
-                    <form>
-                        <div class="mb-3">
-                            <label for="username" class="form-label">نام کاربری</label>
-                            <input type="text" class="form-control" id="username">
-                        </div>
-                        <div class="mb-3">
-                            <label for="password" class="form-label">رمز عبور</label>
-                            <input type="password" class="form-control" id="password">
-                        </div>
-                        <button type="submit" class="btn btn-primary w-100">ورود</button>
-                    </form>
-                </div>
-            </div>
-        </div>
-    </div>
-
     <!-- Bootstrap JS -->
     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
     <!-- Custom JS -->
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..3885ff3
--- /dev/null
+++ b/login.php
@@ -0,0 +1,91 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+$db = db();
+
+// Redirect if already logged in
+if (isset($_SESSION['user_id'])) {
+    header("Location: index.php");
+    exit();
+}
+
+$error_message = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = $_POST['username'] ?? '';
+    $password = $_POST['password'] ?? '';
+
+    if (empty($username) || empty($password)) {
+        $error_message = 'Please enter both username and password.';
+    } else {
+        $stmt = $db->prepare("SELECT id, password, role_id FROM users WHERE username = :username");
+        $stmt->bindParam(':username', $username);
+        $stmt->execute();
+        $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if ($user && password_verify($password, $user['password'])) {
+            $_SESSION['user_id'] = $user['id'];
+            $_SESSION['username'] = $username;
+            $_SESSION['role_id'] = $user['role_id'];
+            header("Location: index.php");
+            exit();
+        } else {
+            $error_message = 'Invalid username or password.';
+        }
+    }
+}
+
+// Fetch header content
+ob_start();
+include 'index.php';
+$page_content = ob_get_clean();
+
+// Extract only the <head> and <header>
+$head_and_header = '';
+if (preg_match('/<head>.*?<\/head>/s', $page_content, $head_match)) {
+    $head_and_header .= $head_match[0];
+}
+if (preg_match('/<header>.*?<\/header>/s', $page_content, $header_match)) {
+    $head_and_header .= $header_match[0];
+}
+
+// Replace active nav link
+$head_and_header = str_replace('<a class="nav-link" href="index.php">Home</a>', '<a class="nav-link" href="index.php">Home</a>', $head_and_header);
+$head_and_header = preg_replace('/<a class="nav-link active" (.*?)>/', '<a class="nav-link" $1>', $head_and_header);
+
+
+echo str_replace('</head>', '<style>.login-container { max-width: 400px; margin: 5rem auto; }</style></head>', $head_and_header);
+
+?>
+
+<main class="container mt-5">
+    <div class="login-container card">
+        <div class="card-body">
+            <h1 class="card-title text-center mb-4">Login</h1>
+            <?php if ($error_message): ?>
+                <div class="alert alert-danger"><?php echo $error_message; ?></div>
+            <?php endif; ?>
+            <form action="login.php" method="post">
+                <div class="mb-3">
+                    <label for="username" class="form-label">Username</label>
+                    <input type="text" class="form-control" id="username" name="username" required>
+                </div>
+                <div class="mb-3">
+                    <label for="password" class="form-label">Password</label>
+                    <input type="password" class="form-control" id="password" name="password" required>
+                </div>
+                <div class="d-grid">
+                    <button type="submit" class="btn btn-primary">Login</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</main>
+
+<?php
+// Extract footer
+if (preg_match('/<footer.*?>.*?<\/footer>/s', $page_content, $footer_match)) {
+    echo $footer_match[0];
+}
+?>
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..e4bc3fa
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,6 @@
+<?php
+session_start();
+session_unset();
+session_destroy();
+header("Location: login.php");
+exit();
diff --git a/roles.php b/roles.php
new file mode 100644
index 0000000..9bff98a
--- /dev/null
+++ b/roles.php
@@ -0,0 +1,161 @@
+<?php
+session_start();
+
+// Authentication check
+if (!isset($_SESSION['user_id'])) {
+    header('Location: login.php');
+    exit();
+}
+
+require_once 'db/config.php';
+
+try {
+    $pdo = db();
+    
+    // Create roles table if it doesn't exist
+    $pdo->exec("CREATE TABLE IF NOT EXISTS roles (
+        id INT AUTO_INCREMENT PRIMARY KEY,
+        name VARCHAR(255) NOT NULL UNIQUE
+    )");
+
+    // Handle Create and Update
+    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        if (isset($_POST['add_role'])) {
+            $name = trim($_POST['role_name']);
+            if (!empty($name)) {
+                $stmt = $pdo->prepare("INSERT INTO roles (name) VALUES (:name)");
+                $stmt->execute(['name' => $name]);
+            }
+        } elseif (isset($_POST['update_role'])) {
+            $id = $_POST['role_id'];
+            $name = trim($_POST['role_name']);
+            if (!empty($name) && !empty($id)) {
+                $stmt = $pdo->prepare("UPDATE roles SET name = :name WHERE id = :id");
+                $stmt->execute(['name' => $name, 'id' => $id]);
+            }
+        }
+        header("Location: roles.php");
+        exit;
+    }
+
+    // Handle Delete
+    if (isset($_GET['delete_id'])) {
+        $id = $_GET['delete_id'];
+        $stmt = $pdo->prepare("DELETE FROM roles WHERE id = :id");
+        $stmt->execute(['id' => $id]);
+        header("Location: roles.php");
+        exit;
+    }
+
+    // Fetch all roles
+    $roles = $pdo->query("SELECT * FROM roles ORDER BY id DESC")->fetchAll();
+
+    // Fetch role for editing
+    $editing_role = null;
+    if (isset($_GET['edit_id'])) {
+        $id = $_GET['edit_id'];
+        $stmt = $pdo->prepare("SELECT * FROM roles WHERE id = :id");
+        $stmt->execute(['id' => $id]);
+        $editing_role = $stmt->fetch();
+    }
+
+} catch (PDOException $e) {
+    die("Database error: " . $e->getMessage());
+}
+?>
+<!DOCTYPE html>
+<html lang="fa" dir="rtl">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>مدیریت نقش‌ها</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.rtl.min.css" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/css2?family=Vazirmatn:wght@400;700&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
+    <script src="https://unpkg.com/feather-icons"></script>
+</head>
+<body>
+
+    <header class="p-3 mb-3 border-bottom sticky-top bg-light">
+        <div class="container">
+            <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
+                <a href="/" class="d-flex align-items-center mb-2 mb-lg-0 text-dark text-decoration-none">
+                    <span class="fs-4">مدیریت مدرسه</span>
+                </a>
+                <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
+                    <li><a href="index.php" class="nav-link px-2 link-dark">خانه</a></li>
+                    <li><a href="roles.php" class="nav-link px-2 link-secondary">مدیریت نقش‌ها</a></li>
+                    <li><a href="users.php" class="nav-link px-2 link-dark">مدیریت کاربران</a></li>
+                </ul>
+                <div class="text-end">
+                    <?php if (isset($_SESSION['user_id'])): ?>
+                        <a href="logout.php" class="btn btn-outline-primary">خروج</a>
+                    <?php else: ?>
+                        <a href="login.php" class="btn btn-primary">ورود</a>
+                    <?php endif; ?>
+                </div>
+            </div>
+        </div>
+    </header>
+
+    <main class="container py-5">
+        <div class="row">
+            <div class="col-md-8">
+                <h2>فهرست نقش‌ها</h2>
+                <div class="table-responsive">
+                    <table class="table table-striped table-hover">
+                        <thead>
+                            <tr>
+                                <th>#</th>
+                                <th>نام نقش</th>
+                                <th>عملیات</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php foreach ($roles as $role): ?>
+                            <tr>
+                                <td><?php echo htmlspecialchars($role['id']); ?></td>
+                                <td><?php echo htmlspecialchars($role['name']); ?></td>
+                                <td>
+                                    <a href="roles.php?edit_id=<?php echo $role['id']; ?>" class="btn btn-sm btn-outline-primary">ویرایش</a>
+                                    <a href="roles.php?delete_id=<?php echo $role['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('آیا مطمئن هستید؟')">حذف</a>
+                                </td>
+                            </tr>
+                            <?php endforeach; ?>
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+            <div class="col-md-4">
+                <h2><?php echo $editing_role ? 'ویرایش نقش' : 'افزودن نقش جدید'; ?></h2>
+                <form method="POST" action="roles.php">
+                    <?php if ($editing_role): ?>
+                        <input type="hidden" name="role_id" value="<?php echo $editing_role['id']; ?>">
+                    <?php endif; ?>
+                    <div class="mb-3">
+                        <label for="role_name" class="form-label">نام نقش</label>
+                        <input type="text" class="form-control" id="role_name" name="role_name" value="<?php echo htmlspecialchars($editing_role['name'] ?? ''); ?>" required>
+                    </div>
+                    <?php if ($editing_role): ?>
+                        <button type="submit" name="update_role" class="btn btn-primary w-100">به‌روزرسانی</button>
+                        <a href="roles.php" class="btn btn-secondary w-100 mt-2">انصراف</a>
+                    <?php else: ?>
+                        <button type="submit" name="add_role" class="btn btn-success w-100">افزودن</button>
+                    <?php endif; ?>
+                </form>
+            </div>
+        </div>
+    </main>
+
+    <footer class="footer mt-auto py-3 bg-light">
+        <div class="container text-center">
+            <span class="text-muted">© 2025 سیستم مدیریت مدرسه</span>
+        </div>
+    </footer>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
+    <script>
+        feather.replace()
+    </script>
+</body>
+</html>
diff --git a/users.php b/users.php
new file mode 100644
index 0000000..f775aba
--- /dev/null
+++ b/users.php
@@ -0,0 +1,228 @@
+<?php
+session_start();
+
+// Authentication check
+if (!isset($_SESSION['user_id'])) {
+    header('Location: login.php');
+    exit();
+}
+
+require_once 'db/config.php';
+
+try {
+    $pdo = db();
+    
+    // Create users table if it doesn't exist
+    $pdo->exec("CREATE TABLE IF NOT EXISTS users (
+        id INT AUTO_INCREMENT PRIMARY KEY,
+        username VARCHAR(255) NOT NULL UNIQUE,
+        email VARCHAR(255) NOT NULL UNIQUE,
+        password VARCHAR(255) NOT NULL,
+        role_id INT,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE SET NULL
+    )");
+
+    // Fetch all roles for the dropdown
+    $roles = $pdo->query("SELECT * FROM roles ORDER BY name")->fetchAll();
+
+    // Handle Create and Update
+    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        if (isset($_POST['add_user'])) {
+            $username = trim($_POST['username']);
+            $email = trim($_POST['email']);
+            $password = $_POST['password'];
+            $role_id = $_POST['role_id'];
+
+            if (!empty($username) && !empty($email) && !empty($password) && !empty($role_id)) {
+                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+                $stmt = $pdo->prepare("INSERT INTO users (username, email, password, role_id) VALUES (:username, :email, :password, :role_id)");
+                $stmt->execute([
+                    'username' => $username,
+                    'email' => $email,
+                    'password' => $hashed_password,
+                    'role_id' => $role_id
+                ]);
+            }
+        } elseif (isset($_POST['update_user'])) {
+            $id = $_POST['user_id'];
+            $username = trim($_POST['username']);
+            $email = trim($_POST['email']);
+            $password = $_POST['password'];
+            $role_id = $_POST['role_id'];
+
+            if (!empty($id) && !empty($username) && !empty($email) && !empty($role_id)) {
+                if (!empty($password)) {
+                    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+                    $stmt = $pdo->prepare("UPDATE users SET username = :username, email = :email, password = :password, role_id = :role_id WHERE id = :id");
+                    $stmt->execute([
+                        'username' => $username,
+                        'email' => $email,
+                        'password' => $hashed_password,
+                        'role_id' => $role_id,
+                        'id' => $id
+                    ]);
+                } else {
+                    $stmt = $pdo->prepare("UPDATE users SET username = :username, email = :email, role_id = :role_id WHERE id = :id");
+                    $stmt->execute([
+                        'username' => $username,
+                        'email' => $email,
+                        'role_id' => $role_id,
+                        'id' => $id
+                    ]);
+                }
+            }
+        }
+        header("Location: users.php");
+        exit;
+    }
+
+    // Handle Delete
+    if (isset($_GET['delete_id'])) {
+        $id = $_GET['delete_id'];
+        $stmt = $pdo->prepare("DELETE FROM users WHERE id = :id");
+        $stmt->execute(['id' => $id]);
+        header("Location: users.php");
+        exit;
+    }
+
+    // Fetch all users with their role names
+    $users = $pdo->query("
+        SELECT users.*, roles.name AS role_name 
+        FROM users 
+        LEFT JOIN roles ON users.role_id = roles.id 
+        ORDER BY users.id DESC
+    ")->fetchAll();
+
+    // Fetch user for editing
+    $editing_user = null;
+    if (isset($_GET['edit_id'])) {
+        $id = $_GET['edit_id'];
+        $stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
+        $stmt->execute(['id' => $id]);
+        $editing_user = $stmt->fetch();
+    }
+
+} catch (PDOException $e) {
+    die("Database error: " . $e->getMessage());
+}
+?>
+<!DOCTYPE html>
+<html lang="fa" dir="rtl">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>مدیریت کاربران</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.rtl.min.css" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/css2?family=Vazirmatn:wght@400;700&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
+    <script src="https://unpkg.com/feather-icons"></script>
+</head>
+<body>
+
+    <header class="p-3 mb-3 border-bottom sticky-top bg-light">
+        <div class="container">
+            <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
+                <a href="/" class="d-flex align-items-center mb-2 mb-lg-0 text-dark text-decoration-none">
+                    <span class="fs-4">مدیریت مدرسه</span>
+                </a>
+                <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
+                    <li><a href="index.php" class="nav-link px-2 link-dark">خانه</a></li>
+                    <li><a href="roles.php" class="nav-link px-2 link-dark">مدیریت نقش‌ها</a></li>
+                    <li><a href="users.php" class="nav-link px-2 link-secondary">مدیریت کاربران</a></li>
+                </ul>
+                <div class="text-end">
+                    <?php if (isset($_SESSION['user_id'])): ?>
+                        <a href="logout.php" class="btn btn-outline-primary">خروج</a>
+                    <?php else: ?>
+                        <a href="login.php" class="btn btn-primary">ورود</a>
+                    <?php endif; ?>
+                </div>
+            </div>
+        </div>
+    </header>
+
+    <main class="container py-5">
+        <div class="row">
+            <div class="col-md-8">
+                <h2>فهرست کاربران</h2>
+                <div class="table-responsive">
+                    <table class="table table-striped table-hover">
+                        <thead>
+                            <tr>
+                                <th>#</th>
+                                <th>نام کاربری</th>
+                                <th>ایمیل</th>
+                                <th>نقش</th>
+                                <th>عملیات</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php foreach ($users as $user): ?>
+                            <tr>
+                                <td><?php echo htmlspecialchars($user['id']); ?></td>
+                                <td><?php echo htmlspecialchars($user['username']); ?></td>
+                                <td><?php echo htmlspecialchars($user['email']); ?></td>
+                                <td><?php echo htmlspecialchars($user['role_name'] ?? 'بدون نقش'); ?></td>
+                                <td>
+                                    <a href="users.php?edit_id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">ویرایش</a>
+                                    <a href="users.php?delete_id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('آیا مطمئن هستید؟')">حذف</a>
+                                </td>
+                            </tr>
+                            <?php endforeach; ?>
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+            <div class="col-md-4">
+                <h2><?php echo $editing_user ? 'ویرایش کاربر' : 'افزودن کاربر جدید'; ?></h2>
+                <form method="POST" action="users.php">
+                    <?php if ($editing_user): ?>
+                        <input type="hidden" name="user_id" value="<?php echo $editing_user['id']; ?>">
+                    <?php endif; ?>
+                    <div class="mb-3">
+                        <label for="username" class="form-label">نام کاربری</label>
+                        <input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($editing_user['username'] ?? ''); ?>" required>
+                    </div>
+                    <div class="mb-3">
+                        <label for="email" class="form-label">ایمیل</label>
+                        <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($editing_user['email'] ?? ''); ?>" required>
+                    </div>
+                    <div class="mb-3">
+                        <label for="password" class="form-label">رمز عبور <?php echo $editing_user ? '(خالی بگذارید تا بدون تغییر بماند)' : ''; ?></label>
+                        <input type="password" class="form-control" id="password" name="password" <?php echo !$editing_user ? 'required' : ''; ?>>
+                    </div>
+                    <div class="mb-3">
+                        <label for="role_id" class="form-label">نقش</label>
+                        <select class="form-select" id="role_id" name="role_id" required>
+                            <option value="">یک نقش انتخاب کنید</option>
+                            <?php foreach ($roles as $role): ?>
+                                <option value="<?php echo $role['id']; ?>" <?php echo (isset($editing_user) && $editing_user['role_id'] == $role['id']) ? 'selected' : ''; ?>>
+                                    <?php echo htmlspecialchars($role['name']); ?>
+                                </option>
+                            <?php endforeach; ?>
+                        </select>
+                    </div>
+                    <?php if ($editing_user): ?>
+                        <button type="submit" name="update_user" class="btn btn-primary w-100">به‌روزرسانی</button>
+                        <a href="users.php" class="btn btn-secondary w-100 mt-2">انصراف</a>
+                    <?php else: ?>
+                        <button type="submit" name="add_user" class="btn btn-success w-100">افزودن</button>
+                    <?php endif; ?>
+                </form>
+            </div>
+        </div>
+    </main>
+
+    <footer class="footer mt-auto py-3 bg-light">
+        <div class="container text-center">
+            <span class="text-muted">© 2025 سیستم مدیریت مدرسه</span>
+        </div>
+    </footer>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
+    <script>
+        feather.replace()
+    </script>
+</body>
+</html>