diff --git a/stacosys/interface/templates/admin_fr.html b/stacosys/interface/templates/admin_fr.html
index ee77e35..bfe3221 100644
--- a/stacosys/interface/templates/admin_fr.html
+++ b/stacosys/interface/templates/admin_fr.html
@@ -8,10 +8,13 @@
 </head>
 <body>
   <header>
-    <h1>Modération des commentaires</h1>
+    <h2>Modération des commentaires</h2>
+    <nav>
+        <a href="/web/logout">Déconnecter</a>
+    </nav>
   </header>
   <main>
-      {% with messages = get_flashed_messages() %}
+    {% with messages = get_flashed_messages() %}
       {% if messages %}
         <blockquote>
         {% for message in messages %}
@@ -19,7 +22,7 @@
         {% endfor %}
       </blockquote>
       {% endif %}
-      {% endwith %}
+    {% endwith %}
     <table>
     <thead>
         <tr>
@@ -38,12 +41,12 @@
             <td>{{ comment.content }}</td>
             <td><a href="{{ baseurl + comment.url }}">{{ comment.url }}</a></td>
             <td>
-                <form action="/web" method="post">
+                <form action="/web/admin" method="post">
                     <input type="hidden" name="comment" value="{{comment.id}}">
                     <input type="hidden" name="action" value="APPROVE">
                     <button type="submit">Accepter</button>
                 </form>
-                <form action="/web" method="post">
+                <form action="/web/admin" method="post">
                     <input type="hidden" name="comment" value="{{comment.id}}">
                     <input type="hidden" name="action" value="REJECT">
                     <button type="submit">Rejeter</button>
diff --git a/stacosys/interface/templates/login_fr.html b/stacosys/interface/templates/login_fr.html
new file mode 100644
index 0000000..e43d951
--- /dev/null
+++ b/stacosys/interface/templates/login_fr.html
@@ -0,0 +1,42 @@
+<!doctype html>
+<html lang="en-US">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Stacosys</title>
+<link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css">
+<style>
+      form {
+        width: 350px;
+        margin: 0 auto;
+        text-align: center;
+      }
+</style>
+</head>
+<body>
+  <header>
+    <h2>Modération des commentaires</h2>
+  </header>
+  <main>
+      {% with messages = get_flashed_messages() %}
+      {% if messages %}
+        <blockquote>
+        {% for message in messages %}
+            <p>{{ message }}</p>
+        {% endfor %}
+      </blockquote>
+      {% endif %}
+      {% endwith %}
+      <form action="/web/login" method="POST">
+        <p><label>Utilisateur </label></p>
+        <p><input type="text" name="username" /></p>
+        <p><label>Mot de passe </label></p>
+        <p><input type="password" name="password" /></p>
+        <input type="submit" value="Connecter" />
+      </form>
+  </main>
+  <footer>
+    <p>Cette page a été conçue par Yax avec <a href="https://simplecss.org">Simple.css</a>.</p>
+  </footer>
+</body>
+</html>
diff --git a/stacosys/interface/web/admin.py b/stacosys/interface/web/admin.py
index df77ba9..32104e5 100644
--- a/stacosys/interface/web/admin.py
+++ b/stacosys/interface/web/admin.py
@@ -3,22 +3,49 @@
 
 import logging
 
-from flask import request, redirect, flash, render_template
+from flask import request, redirect, flash, render_template, session
 
 from stacosys.db import dao
 from stacosys.interface import app
 
 logger = logging.getLogger(__name__)
 
+user = {"username": "admin", "password": "toto"}
 
-@app.route("/web", methods=["GET"])
+
+@app.route('/web/login', methods=['POST', 'GET'])
+def login():
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+        if username == user['username'] and password == user['password']:
+            session['user'] = username
+            return redirect('/web/admin')
+
+        flash("Identifiant ou mot de passe incorrect")
+        return redirect('/web/login')
+
+    return render_template("login_" + app.config.get("LANG") + ".html")
+
+
+@app.route('/web/logout', methods=["GET"])
+def logout():
+    session.pop('user')
+    return redirect('/web/login')
+
+
+@app.route("/web/admin", methods=["GET"])
 def admin_homepage():
+    if not ('user' in session and session['user'] == user['username']):
+        flash("Vous avez été déconnecté.")
+        return redirect('/web/login')
+
     comments = dao.find_not_published_comments()
     return render_template("admin_" + app.config.get("LANG") + ".html", comments=comments,
                            baseurl=app.config.get("SITE_URL"))
 
 
-@app.route("/web", methods=["POST"])
+@app.route("/web/admin", methods=["POST"])
 def admin_action():
     flash(request.form.get("comment") + " " + request.form.get("action"))
-    return redirect('/web')
+    return redirect('/web/admin')