diff --git a/www/M3-06-messages.dat b/www/M3-06-messages.dat
deleted file mode 100644
index 5e6a3fd..0000000
--- a/www/M3-06-messages.dat
+++ /dev/null
@@ -1 +0,0 @@
-<hr><p>Från: 555</p><p>afsdgfh</p>
\ No newline at end of file
diff --git a/www/M4-01-users.dat b/www/M4-01-users.dat
deleted file mode 100644
index b0f1c20..0000000
Binary files a/www/M4-01-users.dat and /dev/null differ
diff --git a/www/public/M2/09/userManipulation.php b/www/public/M2/09/userManipulation.php
index a04f466..76ff560 100644
--- a/www/public/M2/09/userManipulation.php
+++ b/www/public/M2/09/userManipulation.php
@@ -13,7 +13,7 @@
 
     function addUser($user)
     {
-        $file = "../../../M2-09-users.dat";
+        $file = "../../../userData/M2-09-users.dat";
 
         if(file_exists($file)) {
             $users = unserialize(file_get_contents($file));
@@ -30,7 +30,7 @@
 
     function isPresent($userToFind)
     {
-        $file = "../../../M2-09-users.dat";
+        $file = "../../../userData/M2-09-users.dat";
         if (file_exists($file)) {
             $userArray = unserialize(file_get_contents($file));
         }
diff --git a/www/public/M3/02/index.php b/www/public/M3/02/index.php
index 8a2ede0..0d14cac 100644
--- a/www/public/M3/02/index.php
+++ b/www/public/M3/02/index.php
@@ -3,12 +3,12 @@
         session_start();
     }
     $hit = 0;
-    if(file_exists("../../../M3-02-hit.dat")) {
-        $hit = file_get_contents("../../../M3-02-hit.dat");
+    if(file_exists("../../../userCount/M3-02-hit.dat")) {
+        $hit = file_get_contents("../../../userCount/M3-02-hit.dat");
     }  
     $hit++; // Ökar antalet besökare med 1
     
-    file_put_contents("../../../M3-02-hit.dat", $hit);
+    file_put_contents("../../../userCount/M3-02-hit.dat", $hit);
     echo $hit;
 ?>
 <!doctype html>
diff --git a/www/public/M3/03/index.php b/www/public/M3/03/index.php
index af94ad5..1d05c18 100644
--- a/www/public/M3/03/index.php
+++ b/www/public/M3/03/index.php
@@ -8,8 +8,8 @@ else {
   }
 }
 
-if (file_exists("../../../M3-03-hit.dat")) {
-  $hit = file_get_contents("../../../M3-03-hit.dat");
+if (file_exists("../../../userCount/M3-03-hit.dat")) {
+  $hit = file_get_contents("../../../userCount/M3-03-hit.dat");
 }
 echo $hit;
 
@@ -20,12 +20,12 @@ function login()
     $_SESSION['logged_in'] = true;
 
     $hit = 0;
-    if (file_exists("../../../M3-03-hit.dat")) {
-      $hit = file_get_contents("../../../M3-03-hit.dat");
+    if (file_exists("../../../userCount/M3-03-hit.dat")) {
+      $hit = file_get_contents("../../../userCount/M3-03-hit.dat");
     }
     $hit++; // Ökar antalet besökare med 1
 
-    file_put_contents("../../../M3-03-hit.dat", $hit);
+    file_put_contents("../../../userCount/M3-03-hit.dat", $hit);
   }
 }
 function logout()
diff --git a/www/public/M3/04/index.php b/www/public/M3/04/index.php
index 4dee2bb..eff06c7 100644
--- a/www/public/M3/04/index.php
+++ b/www/public/M3/04/index.php
@@ -9,8 +9,8 @@ else {
   #header("Location: login.php");
 }
 
-if (file_exists("../../../M3-04-hit.dat")) {
-  $hit = file_get_contents("../../../M3-04-hit.dat");
+if (file_exists("../../../userCount/M3-04-hit.dat")) {
+  $hit = file_get_contents("../../../userCount/M3-04-hit.dat");
 }
 echo $hit;
 
@@ -21,12 +21,12 @@ function login()
     $_SESSION['logged_in'] = true;
 
     $hit = 0;
-    if (file_exists("../../../M3-04-hit.dat")) {
-      $hit = file_get_contents("../../../M3-04-hit.dat");
+    if (file_exists("../../../userCount/M3-04-hit.dat")) {
+      $hit = file_get_contents("../../../userCount/M3-04-hit.dat");
     }
     $hit++; // Ökar antalet besökare med 1
 
-    file_put_contents("../../../M3-04-hit.dat", $hit);
+    file_put_contents("../../../userCount/M3-04-hit.dat", $hit);
   }
 }
 function logout()
diff --git a/www/public/M3/04/pages/klotter.php b/www/public/M3/04/pages/klotter.php
index d2b6df4..24ae777 100644
--- a/www/public/M3/04/pages/klotter.php
+++ b/www/public/M3/04/pages/klotter.php
@@ -15,8 +15,8 @@ else {
 </form>
 
 <?php 
-    if(file_exists("../../../M3-04-messages.dat")) {
-        echo file_get_contents("../../../M3-04-messages.dat");
+    if(file_exists("../../../userData/M3-04-messages.dat")) {
+        echo file_get_contents("../../../userData/M3-04-messages.dat");
     }
 }
     ?>
\ No newline at end of file
diff --git a/www/public/M3/04/saveMsg.php b/www/public/M3/04/saveMsg.php
index 0fd3790..5a81c74 100644
--- a/www/public/M3/04/saveMsg.php
+++ b/www/public/M3/04/saveMsg.php
@@ -2,7 +2,7 @@
     $name = "<hr><p>Från: " . $_POST['name'] . "</p>";
     $msg = "<p>" . $_POST['message'] . "</p>";
     
-    file_put_contents("../../../M3-04-messages.dat",$name.$msg,FILE_APPEND);
+    file_put_contents("../../../userData/M3-04-messages.dat",$name.$msg,FILE_APPEND);
     
     header("location: index.php?page=klotter"); //Omdirigerar till klotterplanket
 ?>
\ No newline at end of file
diff --git a/www/public/M3/06/index.php b/www/public/M3/06/index.php
index ec359ed..04b0adc 100644
--- a/www/public/M3/06/index.php
+++ b/www/public/M3/06/index.php
@@ -11,8 +11,8 @@ else {
   #header("Location: login.php");
 }
 
-if (file_exists("../../../M3-06-hit.dat")) {
-  $hit = file_get_contents("../../../M3-06-hit.dat");
+if (file_exists("../../../userCount/M3-06-hit.dat")) {
+  $hit = file_get_contents("../../../userCount/M3-06-hit.dat");
   echo $hit;
 }
 
@@ -71,12 +71,12 @@ function incUserCount() {
     session_start();
 
     $hit = 0;
-    if (file_exists("../../../M3-06-hit.dat")) {
-      $hit = file_get_contents("../../../M3-06-hit.dat");
+    if (file_exists("../../../userCount/M3-06-hit.dat")) {
+      $hit = file_get_contents("../../../userCount/M3-06-hit.dat");
     }
     $hit++; // Ökar antalet besökare med 1
 
-    file_put_contents("../../../M3-06-hit.dat", $hit);
+    file_put_contents("../../../userCount/M3-06-hit.dat", $hit);
   }
 }
 
diff --git a/www/public/M3/06/pages/klotter.php b/www/public/M3/06/pages/klotter.php
index 2d6f3ce..9c5da69 100644
--- a/www/public/M3/06/pages/klotter.php
+++ b/www/public/M3/06/pages/klotter.php
@@ -10,7 +10,7 @@
 </form>
 
 <?php 
-    if(file_exists("../../../M3-06-messages.dat")) {
-        echo file_get_contents("../../../M3-06-messages.dat");
+    if(file_exists("../../../userData/M3-06-messages.dat")) {
+        echo file_get_contents("../../../userData/M3-06-messages.dat");
     }
 ?>
\ No newline at end of file
diff --git a/www/public/M3/06/saveMsg.php b/www/public/M3/06/saveMsg.php
index f14b29b..374d610 100644
--- a/www/public/M3/06/saveMsg.php
+++ b/www/public/M3/06/saveMsg.php
@@ -5,7 +5,7 @@
   $name = "<hr><p>Från: " . $_SESSION['username'] . "</p>";
   $msg = "<p>" . cleanData($_POST['message']) . "</p>";
 
-  file_put_contents("../../../M3-06-messages.dat", $name . $msg, FILE_APPEND);
+  file_put_contents("../../../userData/M3-06-messages.dat", $name . $msg, FILE_APPEND);
 
   header("location: index.php?page=klotter"); //Omdirigerar till klotterplanket
 
diff --git a/www/public/M3/06/userManipulation.php b/www/public/M3/06/userManipulation.php
index d7a352b..fc15068 100644
--- a/www/public/M3/06/userManipulation.php
+++ b/www/public/M3/06/userManipulation.php
@@ -13,7 +13,7 @@
 
     function addUser($user)
     {
-        $file = "../../../M3-06-users.dat";
+        $file = "../../../userData/M3-06-users.dat";
 
         if(file_exists($file)) {
             $users = unserialize(file_get_contents($file));
@@ -30,7 +30,7 @@
 
     function isPresent($userToFind)
     {
-        $file = "../../../M3-06-users.dat";
+        $file = "../../../userData/M3-06-users.dat";
         if (file_exists($file)) {
             $userArray = unserialize(file_get_contents($file));
         }
diff --git a/www/public/M4/01/userManipulation.php b/www/public/M4/01/userManipulation.php
index 7dacf2d..a5c224d 100644
--- a/www/public/M4/01/userManipulation.php
+++ b/www/public/M4/01/userManipulation.php
@@ -13,7 +13,7 @@
 
     function addUser($user)
     {
-        $file = "../../../M4-01-users.dat";
+        $file = "../../../userData/M4-01-users.dat";
 
         if(file_exists($file)) {
             $users = unserialize(file_get_contents($file));
@@ -30,7 +30,7 @@
 
     function isPresent($userToFind)
     {
-        $file = "../../../M4-01-users.dat";
+        $file = "../../../userData/M4-01-users.dat";
         if (file_exists($file)) {
             $userArray = unserialize(file_get_contents($file));
         }
diff --git a/www/public/M4/02/index.php b/www/public/M4/02/index.php
index ad26309..0317484 100644
--- a/www/public/M4/02/index.php
+++ b/www/public/M4/02/index.php
@@ -8,14 +8,13 @@ else {
   if (session_status() == PHP_SESSION_NONE) {
     session_start();
   }
-  #header("Location: login.php");
 }
 
 function login()
 {
   if (isset($_POST["username"])) $username = $_POST["username"];
   if (isset($_POST["password"])) $password = $_POST["password"];
-  $username = cleanData($username);
+  $username = filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED);
 
   $user = new User($username, $password);
 
@@ -26,6 +25,7 @@ function login()
   if (session_status() == PHP_SESSION_NONE) {
     session_start();
   }
+  session_regenerate_id(true);
   $_SESSION['logged_in'] = true;
 }
 function signup() {
@@ -40,7 +40,7 @@ function signup() {
     exit();
   }
   
-  $username = cleanData($username);
+  $username = filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED);
   $password = password_hash($password, PASSWORD_DEFAULT);
 
   $user = new User($username, $password);
@@ -55,30 +55,33 @@ function logout()
   }
   $_POST = array();
   $_SESSION = array(); // Tömmer sessionsarrayen    
-  session_destroy();
-  #header("Location: login.php");
+  session_regenerate_id(true);
 }
 
-function cleanData($data)
-{
-  $data = strip_tags($data);
-  $data = htmlspecialchars($data);
-  $data = trim($data);
-  $data = stripslashes($data);
-  return $data;
-}
 ?>
 <!doctype html>
 <html lang="sv">
 
 <head>
   <meta charset="UTF-8">
-  <title>M4 | 01</title>
+  <title>M4 | 02</title>
   <link href="css/styleSheet.css" rel="stylesheet" type="text/css">
 </head>
 
 <body>
   <main>
+  <form action="" method="post">
+    <fieldset>
+      <legend>Form</legend>
+      <input type="hidden" name="message">
+      <label>Your name: </label>
+      <input type="text" name="name"> <br> <br>
+      <label>Your message: </label>
+      <input type="text" name="text"> <br> <br>
+      <input type="submit" value="Submit">
+    </fieldset>
+  </form>
+
     <?php
     if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
       echo "<h1>Logged in!</h1>";
@@ -86,6 +89,16 @@ function cleanData($data)
     else {
       echo "<h1>Not logged in!</h1>";
     }
+
+    if(isset($_POST['message'])) {
+      $safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+      $safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+      echo "<h3>Name - " . $safeName . "</h3>";
+      echo "<p>Massage - " . $safeMassage . "</p>";
+    }
+    else {
+      echo "<h3>No message!</h3>";
+    }
     ?>
     <a href="login.php">Login</a>
   </main>
diff --git a/www/public/M4/02/userManipulation.php b/www/public/M4/02/userManipulation.php
index f83d150..86a3a2c 100644
--- a/www/public/M4/02/userManipulation.php
+++ b/www/public/M4/02/userManipulation.php
@@ -13,7 +13,7 @@
 
     function addUser($user)
     {
-        $file = "../../../M4-02-users.dat";
+        $file = "../../../userData/M4-02-users.dat";
 
         if(file_exists($file)) {
             $users = unserialize(file_get_contents($file));
@@ -30,7 +30,7 @@
 
     function isPresent($userToFind)
     {
-        $file = "../../../M4-02-users.dat";
+        $file = "../../../userData/M4-02-users.dat";
         if (file_exists($file)) {
             $userArray = unserialize(file_get_contents($file));
         }
diff --git a/www/public/M4/03/User.php b/www/public/M4/03/User.php
new file mode 100644
index 0000000..afa0130
--- /dev/null
+++ b/www/public/M4/03/User.php
@@ -0,0 +1,28 @@
+<?php
+class User
+{
+    private $username;
+    private $password;
+
+    public function __construct($username, $password)
+    {
+        $this->username = $username;
+        $this->password = $password;
+    }
+
+    public function getUsername() {
+        return $this->username;
+    }
+
+    public function getPassword() {
+        return $this->password;
+    }
+
+    public function setUsername($username) {
+        $this->username = $username;
+    }
+
+    public function setPassword($password) {
+        $this->password = $password;
+    }
+}
diff --git a/www/public/M4/03/index.php b/www/public/M4/03/index.php
new file mode 100644
index 0000000..78e75d7
--- /dev/null
+++ b/www/public/M4/03/index.php
@@ -0,0 +1,131 @@
+<?php
+include("userManipulation.php");
+
+if (isset($_POST['login'])) login();
+else if (isset($_POST['signup'])) signup();
+else if (isset($_POST['logout'])) logout();
+else {
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+}
+
+function login()
+{
+  if (isset($_POST["username"])) $username = $_POST["username"];
+  if (isset($_POST["password"])) $password = $_POST["password"];
+  $username = cleanData($username);
+
+  $user = new User($username, $password);
+
+  if (!isPresent($user)) {
+    header("Location: login.php");
+    exit();
+  }
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+  session_regenerate_id(true);
+  $_SESSION['logged_in'] = true;
+  $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+function signup() {
+  if (isset($_POST["username"]) && $_POST["username"] != "") $username = $_POST["username"];
+  else {
+    header("Location: login.php");
+    exit();
+  }
+  if (isset($_POST["password"]) && $_POST["password"] != "") $password = $_POST["password"];
+  else {
+    header("Location: login.php");
+    exit();
+  }
+  
+  $username = cleanData($username);
+  $password = password_hash($password, PASSWORD_DEFAULT);
+
+  $user = new User($username, $password);
+  addUser($user);
+  
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+
+  session_regenerate_id();
+  $_SESSION['logged_in'] = true;
+  $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function logout()
+{
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+  $_POST = array();
+  $_SESSION = array(); // Tömmer sessionsarrayen    
+
+  session_regenerate_id(true);
+  $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function cleanData($data)
+{
+  $data = strip_tags($data);
+  $data = htmlspecialchars($data);
+  $data = trim($data);
+  $data = stripslashes($data);
+  return $data;
+}
+?>
+<!doctype html>
+<html lang="sv">
+
+<head>
+  <meta charset="UTF-8">
+  <title>M4 | 03</title>
+  <link href="css/styleSheet.css" rel="stylesheet" type="text/css">
+</head>
+
+<body>
+  <main>
+  <form action="" method="post">
+    <fieldset>
+      <legend>Form</legend>
+      <input type="hidden" name="message">
+      <input type = "hidden" name = "CSRFToken" value = <?php echo $_SESSION['CSRFToken']; ?>>
+      <label>Your name: </label>
+      <input type="text" name="name"> <br> <br>
+      <label>Your message: </label>
+      <input type="text" name="text"> <br> <br>
+      <input type="submit" value="Submit">
+    </fieldset>
+  </form>
+
+    <?php
+    if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
+      echo "<h1>Logged in!</h1>";
+    }
+    else {
+      echo "<h1>Not logged in!</h1>";
+    }
+
+    if(isset($_POST['message'])) {
+      if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){
+        echo "ok csrft";
+    }else{
+        echo "Inte ok csrft";
+    }
+      $safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+      $safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+      echo "<h3>Name - " . $safeName . "</h3>";
+      echo "<p>Massage - " . $safeMassage . "</p>";
+    }
+    else {
+      echo "<h3>No message!</h3>";
+    }
+    ?>
+    <a href="login.php">Login</a>
+  </main>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/www/public/M4/03/login.php b/www/public/M4/03/login.php
new file mode 100644
index 0000000..c367978
--- /dev/null
+++ b/www/public/M4/03/login.php
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login</title>
+</head>
+<body>    
+    <form action="index.php" method="post">
+        <fieldset>
+          <legend>Login</legend>
+          <input type="hidden" name="login">
+          <label>Your username: </label>
+          <input type="text" name="username"> <br> <br>
+          <label>Your password: </label>
+          <input type="password" name="password"> <br> <br>
+          <input type="submit" value="Submit">
+        </fieldset>
+      </form>
+    
+      <form action="index.php" method="post">
+        <fieldset>
+          <legend>Signup</legend>
+          <input type="hidden" name="signup">
+          <label>Your username: </label>
+          <input type="text" name="username"> <br> <br>
+          <label>Your password: </label>
+          <input type="password" name="password"> <br> <br>
+          <input type="submit" value="Submit">
+        </fieldset>
+      </form>
+    
+      <br>
+      <br>
+    
+      <form action="index.php" method="post">
+        <fieldset>
+          <legend>Logout</legend>
+          <input type="hidden" name="logout">
+          <input type="submit" value="Logout">
+        </fieldset>
+      </form>
+</body>
+</html>
\ No newline at end of file
diff --git a/www/public/M4/03/userManipulation.php b/www/public/M4/03/userManipulation.php
new file mode 100644
index 0000000..b12c101
--- /dev/null
+++ b/www/public/M4/03/userManipulation.php
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html lang="se">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Person write</title>
+</head>
+
+<body>
+
+    <?php
+    include("User.php");
+
+    function addUser($user)
+    {
+        $file = "../../../userData/M4-03-users.dat";
+
+        if(file_exists($file)) {
+            $users = unserialize(file_get_contents($file));
+            $users[] = $user; 
+            file_put_contents($file, serialize($users));
+        }
+        else {
+            $users = array();
+            $users[] = $user; 
+            file_put_contents($file, serialize($users));
+        }
+        
+    }
+
+    function isPresent($userToFind)
+    {
+        $file = "../../../userData/M4-03-users.dat";
+        if (file_exists($file)) {
+            $userArray = unserialize(file_get_contents($file));
+        }
+        else return false;
+
+        foreach($userArray as $user) {
+            if($userToFind->getUsername() == $user->getUsername() && password_verify($userToFind->getPassword(), $user->getPassword())) return true;
+        }
+        return false;
+    }
+    ?>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/www/public/M4/04/index.php b/www/public/M4/04/index.php
new file mode 100644
index 0000000..d7ee067
--- /dev/null
+++ b/www/public/M4/04/index.php
@@ -0,0 +1,128 @@
+<?php
+include("../../../userData/M4-04-users.php");
+
+if (isset($_POST['login'])) login();
+else if (isset($_POST['signup'])) signup();
+else if (isset($_POST['logout'])) logout();
+else {
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+}
+
+function login()
+{
+  if (isset($_POST["username"])) $username = $_POST["username"];
+  if (isset($_POST["password"])) $password = $_POST["password"];
+  $username = cleanData($username);
+
+  $users = getUsers();
+  if (isset($users[$username]) && password_verify($password, $users[$username])) {
+    echo $username;
+  }
+  else {
+    header("Location: login.php");
+    exit();
+  }
+
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+  session_regenerate_id(true);
+  $_SESSION['logged_in'] = true;
+  $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+function signup() {
+  if (isset($_POST["username"]) && $_POST["username"] != "") $username = $_POST["username"];
+  else {
+    header("Location: login.php");
+    exit();
+  }
+  if (isset($_POST["password"]) && $_POST["password"] != "") $password = $_POST["password"];
+  else {
+    header("Location: login.php");
+    exit();
+  }
+  
+  $username = cleanData($username);
+  $password = password_hash($password, PASSWORD_DEFAULT);
+  echo "<p>Username: " . $username ."\n</p>";
+  echo "<p>Password: " . $password . "</p> <br><br>"; 
+  
+  $_SESSION['logged_in'] = true;
+  $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function logout()
+{
+  if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+  }
+  $_POST = array();
+  $_SESSION = array(); // Tömmer sessionsarrayen    
+
+  session_regenerate_id(true);
+  $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function cleanData($data)
+{
+  $data = strip_tags($data);
+  $data = htmlspecialchars($data);
+  $data = trim($data);
+  $data = stripslashes($data);
+  return $data;
+}
+?>
+<!doctype html>
+<html lang="sv">
+
+<head>
+  <meta charset="UTF-8">
+  <title>M4 | 04</title>
+  <link href="css/styleSheet.css" rel="stylesheet" type="text/css">
+</head>
+
+<body>
+  <main>
+  <form action="" method="post">
+    <fieldset>
+      <legend>Form</legend>
+      <input type="hidden" name="message">
+      <input type = "hidden" name = "CSRFToken" value = <?php echo $_SESSION['CSRFToken']?>>
+      <label>Your name: </label>
+      <input type="text" name="name"> <br> <br>
+      <label>Your message: </label>
+      <input type="text" name="text"> <br> <br>
+      <input type="submit" value="Submit">
+    </fieldset>
+  </form>
+
+    <?php
+    if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
+      echo "<h1>Logged in!</h1>";
+    }
+    else {
+      echo "<h1>Not logged in!</h1>";
+    }
+
+    if(isset($_POST['message'])) {
+      if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){
+        echo "ok csrft";
+    }else{
+        echo "Inte ok csrft";
+    }
+      $safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+      $safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+      echo "<h3>Name - " . $safeName . "</h3>";
+      echo "<p>Massage - " . $safeMassage . "</p>";
+    }
+    else {
+      echo "<h3>No message!</h3>";
+    }
+    ?>
+    <a href="login.php">Login</a>
+  </main>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/www/public/M4/04/login.php b/www/public/M4/04/login.php
new file mode 100644
index 0000000..c367978
--- /dev/null
+++ b/www/public/M4/04/login.php
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login</title>
+</head>
+<body>    
+    <form action="index.php" method="post">
+        <fieldset>
+          <legend>Login</legend>
+          <input type="hidden" name="login">
+          <label>Your username: </label>
+          <input type="text" name="username"> <br> <br>
+          <label>Your password: </label>
+          <input type="password" name="password"> <br> <br>
+          <input type="submit" value="Submit">
+        </fieldset>
+      </form>
+    
+      <form action="index.php" method="post">
+        <fieldset>
+          <legend>Signup</legend>
+          <input type="hidden" name="signup">
+          <label>Your username: </label>
+          <input type="text" name="username"> <br> <br>
+          <label>Your password: </label>
+          <input type="password" name="password"> <br> <br>
+          <input type="submit" value="Submit">
+        </fieldset>
+      </form>
+    
+      <br>
+      <br>
+    
+      <form action="index.php" method="post">
+        <fieldset>
+          <legend>Logout</legend>
+          <input type="hidden" name="logout">
+          <input type="submit" value="Logout">
+        </fieldset>
+      </form>
+</body>
+</html>
\ No newline at end of file
diff --git a/www/M3-02-hit.dat b/www/userCount/M3-02-hit.dat
similarity index 100%
rename from www/M3-02-hit.dat
rename to www/userCount/M3-02-hit.dat
diff --git a/www/M3-03-hit.dat b/www/userCount/M3-03-hit.dat
similarity index 100%
rename from www/M3-03-hit.dat
rename to www/userCount/M3-03-hit.dat
diff --git a/www/M3-04-hit.dat b/www/userCount/M3-04-hit.dat
similarity index 100%
rename from www/M3-04-hit.dat
rename to www/userCount/M3-04-hit.dat
diff --git a/www/M3-06-hit.dat b/www/userCount/M3-06-hit.dat
similarity index 100%
rename from www/M3-06-hit.dat
rename to www/userCount/M3-06-hit.dat
diff --git a/www/M2-09-users.dat b/www/userData/M2-09-users.dat
similarity index 100%
rename from www/M2-09-users.dat
rename to www/userData/M2-09-users.dat
diff --git a/www/M3-04-messages.dat b/www/userData/M3-04-messages.dat
similarity index 100%
rename from www/M3-04-messages.dat
rename to www/userData/M3-04-messages.dat
diff --git a/www/userData/M3-06-messages.dat b/www/userData/M3-06-messages.dat
new file mode 100644
index 0000000..1627f89
--- /dev/null
+++ b/www/userData/M3-06-messages.dat
@@ -0,0 +1 @@
+<hr><p>Från: 555</p><p>afsdgfh</p><hr><p>Från: 111</p><p>iopdfgjosdhckotre</p><hr><p>Från: 111</p><p>awfgerkoösed</p><hr><p>Från: 222</p><p>4353w6eur7ti</p>
\ No newline at end of file
diff --git a/www/M3-06-users.dat b/www/userData/M3-06-users.dat
similarity index 100%
rename from www/M3-06-users.dat
rename to www/userData/M3-06-users.dat
diff --git a/www/userData/M4-01-users.dat b/www/userData/M4-01-users.dat
new file mode 100644
index 0000000..1936897
Binary files /dev/null and b/www/userData/M4-01-users.dat differ
diff --git a/www/userData/M4-02-users.dat b/www/userData/M4-02-users.dat
new file mode 100644
index 0000000..6353158
Binary files /dev/null and b/www/userData/M4-02-users.dat differ
diff --git a/www/userData/M4-03-users.dat b/www/userData/M4-03-users.dat
new file mode 100644
index 0000000..f5edc71
Binary files /dev/null and b/www/userData/M4-03-users.dat differ
diff --git a/www/userData/M4-04-users.php b/www/userData/M4-04-users.php
new file mode 100644
index 0000000..e6bdbad
--- /dev/null
+++ b/www/userData/M4-04-users.php
@@ -0,0 +1,9 @@
+<?php
+function getUsers() {
+        $users = array();
+        $users['admin'] = '$2y$10$fCFmmSX/lumDbNJw7YUMdOAfASpMAEEeQg6eT5r5govkZdV31/wLm';
+        $users['hank'] = '$2y$10$6qpK9B7tHzGqwLJmHx.XpeefSpMIbamxgpOWsx6CqtrBCxVKqsEn6';
+        $user['admin1'] = '$2y$10$YcT3gCMi2H9KZcFQHw0kfOzG.FdWeQqkcjr9mPsWAKxVNTZRWJZWy';
+        return $users;
+    }
+?>
\ No newline at end of file