diff --git a/backend.php b/backend.php
index bc75ead8a..ed8ab6c18 100644
--- a/backend.php
+++ b/backend.php
@@ -1,6 +1,8 @@
 <?
 	session_start();
 
+	if (!$_SESSION["uid"]) { exit; }
+
 	define(SCHEMA_VERSION, 2);
 
 	require_once "config.php";
@@ -9,8 +11,8 @@
 	require_once "functions.php";
 	require_once "magpierss/rss_fetch.inc";
 
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//	$_SESSION["name"] = PLACEHOLDER_NAME;
 
 	$op = $_REQUEST["op"];
 
@@ -1578,6 +1580,34 @@
 				print "Unknown option: $pref_name";
 			}
 
+		} else if ($subop == "Change password") {
+
+			if (WEB_DEMO_MODE) return;
+
+			$old_pw = $_POST["OLD_PASSWORD"];
+			$new_pw = $_POST["OLD_PASSWORD"];
+
+			$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
+			$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+
+			$active_uid = $_SESSION["uid"];
+
+			if ($old_pw && $new_pw) {
+
+				$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+
+				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
+					id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
+						pwd_hash = '$old_pw_hash')");
+
+				if (db_num_rows($result) == 1) {
+					db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' 
+						WHERE id = '$active_uid'");				
+				}
+			}
+
+			header("Location: prefs.php");
+	
 		} else if ($subop == "Reset to defaults") {
 
 			if (WEB_DEMO_MODE) return;
@@ -1591,6 +1621,29 @@
 
 		} else {
 
+			print "<form action=\"backend.php\" method=\"POST\">";
+
+			print "<table width=\"100%\" class=\"prefPrefsList\">";
+ 			print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
+
+			print "<tr><td width=\"40%\">Old password</td>";
+			print "<td><input class=\"editbox\" type=\"password\"
+				name=\"OLD_PASSWORD\"></td></tr>";
+
+			print "<tr><td width=\"40%\">New password</td>";
+			
+			print "<td><input class=\"editbox\" type=\"password\"
+				name=\"NEW_PASSWORD\"></td></tr>";
+
+			print "</table>";
+
+			print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
+
+			print "<p><input class=\"button\" type=\"submit\" 
+				value=\"Change password\" name=\"subop\">";
+
+			print "</form>";
+
 			$result = db_query($link, "SELECT 
 				ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
 				section_name,def_value
@@ -1602,8 +1655,6 @@
 
 			print "<form action=\"backend.php\" method=\"POST\">";
 
-			print "<table width=\"100%\" class=\"prefPrefsList\">";
-	
 			$lnum = 0;
 
 			$active_section = "";
@@ -1613,8 +1664,10 @@
 				if ($active_section != $line["section_name"]) {
 
 					if ($active_section != "") {
-						print "</table><p><table width=\"100%\" class=\"prefPrefsList\">";
+						print "</table>";
 					}
+
+					print "<p><table width=\"100%\" class=\"prefPrefsList\">";
 				
 					$active_section = $line["section_name"];				
 					
diff --git a/functions.php b/functions.php
index d07ce024f..fc9818021 100644
--- a/functions.php
+++ b/functions.php
@@ -4,8 +4,8 @@
 	require_once 'config.php';
 	require_once 'db-prefs.php';
 
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//	$_SESSION["name"] = PLACEHOLDER_NAME;
 
 	define('MAGPIE_OUTPUT_ENCODING', 'UTF-8');
 
@@ -516,4 +516,29 @@
 
 	}
 
+	function authenticate_user($link) {
+
+		if (!$_SERVER['PHP_AUTH_USER']) {
+
+			header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
+			header('HTTP/1.0 401 Unauthorized');
+			print "<h1>401 Unathorized</h1>";
+			exit;
+			
+		} else {
+
+			$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+			$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
+			$pwd_hash = 'SHA1:' . sha1($password);
+
+			$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
+				login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+
+			if (db_num_rows($result) == 1) {
+				$_SESSION["uid"] = db_fetch_result($result, 0, "id");
+				$_SESSION["name"] = db_fetch_result($result, 0, "login");
+			}			
+		}
+	}
+
 ?>
diff --git a/opml.php b/opml.php
index 023f29ffe..0e313d52b 100644
--- a/opml.php
+++ b/opml.php
@@ -13,7 +13,7 @@
 	require_once "db.php";
 	require_once "db-prefs.php";
 
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
diff --git a/prefs.js b/prefs.js
index 3e8b6b181..df49f85be 100644
--- a/prefs.js
+++ b/prefs.js
@@ -818,3 +818,4 @@ function dispOptionHelp(event, sender) {
 
 } */
 
+
diff --git a/prefs.php b/prefs.php
index 690de6abc..73081c7ca 100644
--- a/prefs.php
+++ b/prefs.php
@@ -8,8 +8,8 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//	$_SESSION["name"] = PLACEHOLDER_NAME;
 
 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation
diff --git a/tt-rss.php b/tt-rss.php
index 769940c70..7b6b11b48 100644
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -1,6 +1,6 @@
 <?
 	session_start();
-
+	
 	require_once "version.php"; 
 	require_once "config.php";
 	require_once "db-prefs.php";
@@ -8,9 +8,10 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+	authenticate_user($link);
 
+//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//	$_SESSION["name"] = PLACEHOLDER_NAME;
 
 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation
diff --git a/version.php b/version.php
index ec2ce24f6..a8c1fee7c 100644
--- a/version.php
+++ b/version.php
@@ -1,4 +1,3 @@
 <?
 	define(VERSION, "1.0.7.99");
 ?>
-
