diff --git a/app/controllers/admin/assets_controller.rb b/app/controllers/admin/assets_controller.rb
index 61ef4d9b..74879184 100644
--- a/app/controllers/admin/assets_controller.rb
+++ b/app/controllers/admin/assets_controller.rb
@@ -1,6 +1,7 @@
 class Admin::AssetsController < ApplicationController
 
   layout "admin"
+  before_filter :authenticate_user!
   
   def show
     @asset = Asset.find(params[:id])
diff --git a/app/controllers/admin/components_controller.rb b/app/controllers/admin/components_controller.rb
index fda62c9a..07abc711 100644
--- a/app/controllers/admin/components_controller.rb
+++ b/app/controllers/admin/components_controller.rb
@@ -1,6 +1,7 @@
 class Admin::ComponentsController < ApplicationController
 
   layout "admin"
+  before_filter :authenticate_user!
   before_filter :find_parent_item
   
   def show
diff --git a/app/controllers/admin/items_controller.rb b/app/controllers/admin/items_controller.rb
index ad472502..72cb995c 100644
--- a/app/controllers/admin/items_controller.rb
+++ b/app/controllers/admin/items_controller.rb
@@ -1,6 +1,9 @@
 class Admin::ItemsController < ApplicationController
 
   layout "admin"
+  
+  before_filter :authenticate_user!
+    
   before_filter :find_parent_item
   before_filter :find_snippets, :only => :index
   
diff --git a/app/controllers/admin/layouts_controller.rb b/app/controllers/admin/layouts_controller.rb
index 67cfda2b..f9ff6311 100644
--- a/app/controllers/admin/layouts_controller.rb
+++ b/app/controllers/admin/layouts_controller.rb
@@ -1,6 +1,7 @@
 class Admin::LayoutsController < ApplicationController
   
   layout "admin"
+  before_filter :authenticate_user!
   
   def index
     @layouts = Layout.all
diff --git a/app/controllers/admin/links_controller.rb b/app/controllers/admin/links_controller.rb
index 71ac9f3b..b3ae0b78 100644
--- a/app/controllers/admin/links_controller.rb
+++ b/app/controllers/admin/links_controller.rb
@@ -1,6 +1,7 @@
 class Admin::LinksController < ApplicationController
 
   layout "admin"
+  before_filter :authenticate_user!
   before_filter :find_parent_item
   
   def show
diff --git a/app/controllers/admin/pages_controller.rb b/app/controllers/admin/pages_controller.rb
index 5ac4bf71..179f775b 100644
--- a/app/controllers/admin/pages_controller.rb
+++ b/app/controllers/admin/pages_controller.rb
@@ -1,6 +1,7 @@
 class Admin::PagesController < ApplicationController
 
   layout "admin"
+  before_filter :authenticate_user!
   before_filter :find_parent_item
   
   def show
diff --git a/app/controllers/admin/snippets_controller.rb b/app/controllers/admin/snippets_controller.rb
index 2f8ad933..57a2f09e 100644
--- a/app/controllers/admin/snippets_controller.rb
+++ b/app/controllers/admin/snippets_controller.rb
@@ -1,6 +1,7 @@
 class Admin::SnippetsController < ApplicationController
   
   layout "admin"
+  before_filter :authenticate_user!
   before_filter :find_parent_item
   
   def show
diff --git a/app/controllers/panel/users_controller.rb b/app/controllers/panel/users_controller.rb
new file mode 100644
index 00000000..1a0123b2
--- /dev/null
+++ b/app/controllers/panel/users_controller.rb
@@ -0,0 +1,47 @@
+class Panel::UsersController < ApplicationController
+  
+  layout "panel"
+  before_filter :authenticate_user!
+  
+  def index
+    @users = User.all
+  end
+  
+  def show
+    @user = User.find(params[:id])
+  end
+  
+  def new
+    @user = User.new
+  end
+  
+  def create
+    @user = User.new(params[:user])
+    if @user.save
+      redirect_to :action => :index
+    else
+      render :action => :new      
+    end
+  end
+  
+  def edit
+    @user = User.find(params[:id])
+  end
+  
+  def update
+    @user = User.find(params[:id])
+    if @user.update_attributes(params[:user])
+      redirect_to :action => :index
+    else
+      render :action => :edit
+    end
+  end
+  
+  def destroy
+    @user = User.find(params[:id])
+    @user.destroy
+    
+    redirect_to :action => :index
+  end
+  
+end
diff --git a/app/models/item.rb b/app/models/item.rb
index eb63113c..d9091c31 100644
--- a/app/models/item.rb
+++ b/app/models/item.rb
@@ -47,7 +47,7 @@ class Item
   
   def setup_default_value
     if self.position.blank?
-      max_page = Page.find(:last, :order => 'position')
+      max_page = Page.last(:order => 'position')
       self.position = (max_page)? max_page.position.to_i + 1 : 1
     end
     
diff --git a/app/models/user.rb b/app/models/user.rb
new file mode 100644
index 00000000..5ce3f0d8
--- /dev/null
+++ b/app/models/user.rb
@@ -0,0 +1,6 @@
+class User
+  include MongoMapper::Document
+ 
+  devise :authenticatable, :recoverable, :rememberable, :trackable
+  
+end
\ No newline at end of file
diff --git a/app/views/layouts/admin.html.erb b/app/views/layouts/admin.html.erb
index 063430ad..7f2ea76c 100644
--- a/app/views/layouts/admin.html.erb
+++ b/app/views/layouts/admin.html.erb
@@ -16,7 +16,7 @@
 <div id="container">
   <div id="header">
       
-      <h1>RulingSite</h1>
+      <h1>RulingSite Admin</h1>
       
       <ul id="nav">
           <li><%= link_to t(:home, :scope => :admin), root_path %></li>
diff --git a/app/views/layouts/panel.html.erb b/app/views/layouts/panel.html.erb
new file mode 100644
index 00000000..ff1eb0b7
--- /dev/null
+++ b/app/views/layouts/panel.html.erb
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <title>R4</title>
+  <link rel="shortcut icon" href="/favicon.ico">
+  <%= yield :page_specific_link %>
+  <%= stylesheet_link_tag "easy", "main", :media => "screen, projection" %>
+  <%= stylesheet_link_tag "easyprint", :media => "print" %>
+  <!--[if IE]>
+    <%= stylesheet_link_tag "ie", :media => "screen, projection" %>
+  <![endif]-->
+  <%= yield :page_specific_css %>
+</head>
+<body>
+<div id="container">
+  <div id="header">
+      
+      <h1>RulingSite Panel</h1>
+      
+      <ul id="nav">
+          <li><%= link_to t(:home, :scope => :panel), root_path %></li>
+          <li><%= link_to t(:users, :scope => :panel), panel_users_path %></li>
+     </ul>
+  </div>
+
+  <div class="content">
+    <div class="main"><%= yield %></div>
+  	<div class="secondary"><%= yield :secondary %></div>
+  	<div class="tertiary"><%= yield :tertiary %></div>
+  </div>
+  
+  <div id="footer">
+      <p>Rulingcom</p>
+  </div>
+</div>
+
+<%= javascript_include_tag "jquery",
+                           "jquery-ui",
+                           "jrails",
+                           "easy",
+                           "application", :cache => 'all' %>
+<%= yield :page_specific_javascript %>
+</body>
+</html>
\ No newline at end of file
diff --git a/app/views/panel/users/_form.html.erb b/app/views/panel/users/_form.html.erb
new file mode 100644
index 00000000..65a98419
--- /dev/null
+++ b/app/views/panel/users/_form.html.erb
@@ -0,0 +1,9 @@
+<p>
+    <%= label_tag :name %>
+    <%= text_field_tag "user[name]" %>
+</p>
+
+<p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+</p>
\ No newline at end of file
diff --git a/app/views/panel/users/edit.html.erb b/app/views/panel/users/edit.html.erb
new file mode 100644
index 00000000..b5d77daf
--- /dev/null
+++ b/app/views/panel/users/edit.html.erb
@@ -0,0 +1,18 @@
+<% content_for :secondary do %>
+    <ul class="list">
+        <li><%= link_to t(:new_user, :scope => :panel), new_panel_user_path, :class => 'button positive' %></li>
+    </ul>
+<% end -%>
+
+<h1>Users panel</h1>
+
+<% form_for @user, :url => panel_user_path(@user) do |f| %>
+
+    <%= render :partial => 'form', :locals => { :f => f } %>
+    
+    <p>
+        <%= f.submit %>
+    </p>
+    
+<% end -%>
+
diff --git a/app/views/panel/users/index.html.erb b/app/views/panel/users/index.html.erb
new file mode 100644
index 00000000..4fcdbd68
--- /dev/null
+++ b/app/views/panel/users/index.html.erb
@@ -0,0 +1,24 @@
+<% content_for :secondary do %>
+    <ul class="list">
+        <li><%= link_to t(:new_user, :scope => :panel), new_panel_user_path, :class => 'button positive' %></li>
+    </ul>
+<% end -%>
+
+<h1>Users panel</h1>
+
+<table>
+  <tr>
+     <th>Name</th>
+    <th>Email</th>
+    <th>Action</th>
+  </tr>
+
+<% @users.each do |user| %>
+<tr>
+    <td><%#= user.name %></td>
+    <td><%= user.email %></td>
+    <td><%= link_to 'Edit', edit_panel_user_path(user) %> | <%= link_to 'Destroy', panel_user_path(user), :method => :delete %></td>
+</tr>    
+<% end %>
+</table>
+
diff --git a/app/views/panel/users/new.html.erb b/app/views/panel/users/new.html.erb
new file mode 100644
index 00000000..d34c7582
--- /dev/null
+++ b/app/views/panel/users/new.html.erb
@@ -0,0 +1,18 @@
+<% content_for :secondary do %>
+    <ul class="list">
+        <li><%= link_to t(:new_user, :scope => :panel), new_panel_user_path, :class => 'button positive' %></li>
+    </ul>
+<% end -%>
+
+<h1>Users panel</h1>
+
+<% form_for @user, :url => panel_users_path do |f| %>
+
+    <%= render :partial => 'form', :locals => { :f => f } %>
+    
+    <p>
+        <%= f.submit %>
+    </p>
+    
+<% end -%>
+
diff --git a/config/environment.rb b/config/environment.rb
index 7a5234fa..9f228628 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -23,6 +23,7 @@ Rails::Initializer.run do |config|
   config.gem "liquid"
   config.gem "mongo_mapper"  
   config.gem 'grip'
+  config.gem "devise", :version => '1.0.1'
   
   # Only load the plugins named here, in the order given (default is alphabetical).
   # :all can be used as a placeholder for all plugins not explicitly named
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 85c9a608..43762f27 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -14,4 +14,6 @@ config.action_view.debug_rjs                         = true
 config.action_controller.perform_caching             = false
 
 # Don't care if the mailer can't send
-config.action_mailer.raise_delivery_errors = false
\ No newline at end of file
+config.action_mailer.raise_delivery_errors = false
+
+config.action_mailer.default_url_options = { :host => 'localhost:3000' }
\ No newline at end of file
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
new file mode 100644
index 00000000..03d1d1b7
--- /dev/null
+++ b/config/initializers/devise.rb
@@ -0,0 +1,102 @@
+# Use this hook to configure devise mailer, warden hooks and so forth. The first
+# four configuration values can also be set straight in your models.
+Devise.setup do |config|
+  # Configure the e-mail address which will be shown in DeviseMailer.
+  # config.mailer_sender = "please-change-me@config-initializers-devise.com"
+
+  # ==> Configuration for :authenticatable
+  # Invoke `rake secret` and use the printed value to setup a pepper to generate
+  # the encrypted password. By default no pepper is used.
+  # config.pepper = "rake secret output"
+
+  # Configure how many times you want the password is reencrypted. Default is 10.
+  # config.stretches = 10
+
+  # Define which will be the encryption algorithm. Supported algorithms are :sha1
+  # (default), :sha512 and :bcrypt. Devise also supports encryptors from others
+  # authentication tools as :clearance_sha1, :authlogic_sha512 (then you should set
+  # stretches above to 20 for default behavior) and :restful_authentication_sha1
+  # (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
+  # config.encryptor = :sha1
+
+  # Configure which keys are used when authenticating an user. By default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating an user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # config.authentication_keys = [ :email ]
+
+  # The realm used in Http Basic Authentication
+  # config.http_authentication_realm = "Application"
+
+  # ==> Configuration for :confirmable
+  # The time you want give to your user to confirm his account. During this time
+  # he will be able to access your application without confirming. Default is nil.
+  # config.confirm_within = 2.days
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again.
+  # config.timeout_in = 10.minutes
+
+  # ==> Configuration for :lockable
+  # Number of authentication tries before locking an account.
+  # config.maximum_attempts = 20
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Reanables login after a certain ammount of time (see :unlock_in below)
+  # :both  = enables both strategies
+  # config.unlock_strategy = :both
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
+  # ==> Configuration for :token_authenticatable
+  # Defines name of the authentication token params key
+  # config.token_authentication_key = :auth_token
+
+  # ==> General configuration
+  # Load and configure the ORM. Supports :active_record (default), :mongo_mapper
+  # (requires mongo_ext installed) and :data_mapper (experimental).
+  # require 'devise/orm/mongo_mapper'
+  config.orm = :mongo_mapper
+
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "sessions/users/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = true
+
+  # By default, devise detects the role accessed based on the url. So whenever
+  # accessing "/users/sign_in", it knows you are accessing an User. This makes
+  # routes as "/sign_in" not possible, unless you tell Devise to use the default
+  # scope, setting true below.
+  # config.use_default_scope = true
+
+  # Configure the default scope used by Devise. By default it's the first devise
+  # role declared in your routes.
+  # config.default_scope = :user
+
+  # If you want to use other strategies, that are not (yet) supported by Devise,
+  # you can configure them inside the config.warden block. The example below
+  # allows you to setup OAuth, using http://github.com/roman/warden_oauth
+  #
+  # config.warden do |manager|
+  #   manager.oauth(:twitter) do |twitter|
+  #     twitter.consumer_secret = <YOUR CONSUMER SECRET>
+  #     twitter.consumer_key  = <YOUR CONSUMER KEY>
+  #     twitter.options :site => 'http://twitter.com'
+  #   end
+  #   manager.default_strategies.unshift :twitter_oauth
+  # end
+
+  # Configure default_url_options if you are using dynamic segments in :path_prefix
+  # for devise_for.
+  # config.default_url_options do
+  #   { :locale => I18n.locale }
+  # end
+end
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
new file mode 100644
index 00000000..3428bf06
--- /dev/null
+++ b/config/locales/devise.en.yml
@@ -0,0 +1,35 @@
+en:
+  devise:
+    sessions:
+      link: 'Sign in'
+      signed_in: 'Signed in successfully.'
+      signed_out: 'Signed out successfully.'
+      unauthenticated: 'You need to sign in or sign up before continuing.'
+      unconfirmed: 'You have to confirm your account before continuing.'
+      locked: 'Your account is locked.'
+      invalid: 'Invalid email or password.'
+      invalid_token: 'Invalid authentication token.'
+      timeout: 'Your session expired, please sign in again to continue.'
+      inactive: 'Your account was not activated yet.'
+    passwords:
+      link: 'Forgot password?'
+      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+      updated: 'Your password was changed successfully. You are now signed in.'
+    confirmations:
+      link: "Didn't receive confirmation instructions?"
+      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
+      confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    registrations:
+      link: 'Sign up'
+      signed_up: 'You have signed up successfully.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+    unlocks:
+      link: "Didn't receive unlock instructions?"
+      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
+      unlocked: 'Your account was successfully unlocked. You are now signed in.'
+    mailer:
+      confirmation_instructions: 'Confirmation instructions'
+      reset_password_instructions: 'Reset password instructions'
+      unlock_instructions: 'Unlock Instructions'
+
diff --git a/config/locales/zh_tw.yml b/config/locales/zh_tw.yml
index 18ebd351..68c9a198 100644
--- a/config/locales/zh_tw.yml
+++ b/config/locales/zh_tw.yml
@@ -17,4 +17,9 @@ zh_tw:
     asset: 資產管理
     new_asset: 新增資產
     move_up: 往上移
-    move_down: 往下移
\ No newline at end of file
+    move_down: 往下移
+  
+  panel:
+    home: 首頁
+    users: 使用者管理
+    new_user: 新增使用者
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index d93c86be..d35cb85c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -13,9 +13,12 @@ ActionController::Routing::Routes.draw do |map|
   end
   
   map.namespace :panel do |panel|
+    panel.resources :users
     panel.resources :announcements
   end
   
+  map.devise_for :users
+  
   # The priority is based upon order of creation: first created -> highest priority.
 
   # Sample of regular route:
diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake
index 23f06ea6..90aa3de7 100644
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
@@ -1,6 +1,9 @@
 namespace :dev do
   
   task :build => :environment do
+    User.delete_all
+    User.create!( :email => 'ihower@rulingcom.com', :password => 'password', :password_confirmation => 'password' )
+    
     [Announcement, Item, Snippet, Layout].each { |m| m.delete_all }
       Layout.create!( :name => 'root', :description => 'root', :content_zh_tw => File.open("#{RAILS_ROOT}/lib/template/root.layout.zh_tw").read,
                                       :content_en => File.open("#{RAILS_ROOT}/lib/template/root.layout.en").read)