diff --git a/__pycache__/app.cpython-312.pyc b/__pycache__/app.cpython-312.pyc
new file mode 100644
index 0000000..f3fa8b6
Binary files /dev/null and b/__pycache__/app.cpython-312.pyc differ
diff --git a/__pycache__/config.cpython-312.pyc b/__pycache__/config.cpython-312.pyc
index c9a6f11..55340cb 100644
Binary files a/__pycache__/config.cpython-312.pyc and b/__pycache__/config.cpython-312.pyc differ
diff --git a/__pycache__/models.cpython-312.pyc b/__pycache__/models.cpython-312.pyc
new file mode 100644
index 0000000..e31ef6e
Binary files /dev/null and b/__pycache__/models.cpython-312.pyc differ
diff --git a/__pycache__/routes.cpython-312.pyc b/__pycache__/routes.cpython-312.pyc
new file mode 100644
index 0000000..37e350e
Binary files /dev/null and b/__pycache__/routes.cpython-312.pyc differ
diff --git a/app.db b/app.db
new file mode 100644
index 0000000..b3b5c70
Binary files /dev/null and b/app.db differ
diff --git a/app.py b/app.py
index 9b202fb..6564ca3 100644
--- a/app.py
+++ b/app.py
@@ -40,6 +40,7 @@ def create_app(test_config=None):
     # Initialise extensions
     db.init_app(app)
     login_manager.init_app(app)
+    # User loader will be set after models import
     csrf.init_app(app)
 
     # Register blueprints
@@ -76,7 +77,10 @@ login_manager.login_view = "auth.login"
 csrf = CSRFProtect()
 
 # Import models after db is defined
-from models import User, Inspection, Photo  # noqa: E402  pylint: disable=wrong-import-position
+from models import User, Inspection, Photo, load_user  # noqa: E402  pylint: disable=wrong-import-position
+
+# Set user loader
+login_manager.user_loader(load_user)
 
 # If this script is executed directly, run the development server
 if __name__ == "__main__":
diff --git a/new.db b/new.db
new file mode 100644
index 0000000..e69de29
diff --git a/routes.py b/routes.py
new file mode 100644
index 0000000..f2c1e42
--- /dev/null
+++ b/routes.py
@@ -0,0 +1,30 @@
+from flask import Blueprint, render_template, redirect, url_for, request, flash
+from flask_login import login_user, logout_user, current_user, login_required
+
+# Auth blueprint
+auth_bp = Blueprint('auth', __name__, url_prefix='/auth')
+
+@auth_bp.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        from models import User
+        username = request.form.get('username')
+        password = request.form.get('password')
+        user = User.query.filter_by(username=username).first()
+        if user and user.check_password(password):
+            login_user(user)
+            return redirect(url_for('main.index'))
+        flash('Invalid credentials')
+    return render_template('login.html')
+
+@auth_bp.route('/logout')
+def logout():
+    logout_user()
+    return redirect(url_for('auth.login'))
+
+# Main blueprint
+main_bp = Blueprint('main', __name__)
+
+@main_bp.route('/')
+def index():
+    return render_template('index.html')
diff --git a/testdb.sqlite b/testdb.sqlite
new file mode 100644
index 0000000..e69de29
diff --git a/testfile b/testfile
new file mode 100644
index 0000000..e69de29