diff --git a/config.php b/config.php
new file mode 100644
index 0000000..540540a
--- /dev/null
+++ b/config.php
@@ -0,0 +1,3 @@
+$AUTH_ENABLED = 0;
+$USERNAME = 'changeme';
+$PASSWORD = '1234';
diff --git a/start.php b/start.php
index 55b6fcf..e810232 100644
--- a/start.php
+++ b/start.php
@@ -1,4 +1,4 @@
-<?php 
+<?php
 use \Workerman\Worker;
 use \Workerman\WebServer;
 use \Workerman\Connection\TcpConnection;
@@ -7,14 +7,16 @@ use \Workerman\Connection\AsyncTcpConnection;
 // 自动加载类
 require_once __DIR__ . '/vendor/autoload.php';
 
-define('STAGE_INIT', 0);
-define('STAGE_ADDR', 1);
-define('STAGE_UDP_ASSOC', 2);
-define('STAGE_DNS', 3);
-define('STAGE_CONNECTING', 4);
-define('STAGE_STREAM', 5);
-define('STAGE_DESTROYED', -1);
+require_once __DIR__ . '/config.php';
 
+define('STAGE_INIT', 0);
+define('STAGE_AUTH', 1);
+define('STAGE_ADDR', 2);
+define('STAGE_UDP_ASSOC', 3);
+define('STAGE_DNS', 4);
+define('STAGE_CONNECTING', 5);
+define('STAGE_STREAM', 6);
+define('STAGE_DESTROYED', -1);
 
 define('CMD_CONNECT', 1);
 define('CMD_BIND', 2);
@@ -24,6 +26,9 @@ define('ADDRTYPE_IPV4', 1);
 define('ADDRTYPE_IPV6', 4);
 define('ADDRTYPE_HOST', 3);
 
+define('METHOD_NO_AUTH', 0);
+define('METHOD_GSSAPI', 1);
+define('METHOD_USER_PASS', 2);
 
 $worker = new Worker('tcp://0.0.0.0:1080');
 $worker->onConnect = function($connection)
@@ -35,16 +40,52 @@ $worker->onMessage = function($connection, $buffer)
     switch($connection->stage)
     {
         case STAGE_INIT:
+            if ($AUTH_ENABLED)
+            {
+                $methodslen = ord($buffer[1]);
+                $methods = array();
+                for ($i = 0; $i < strlen($buffer)-3; $i++)
+                {
+                    array_push($methods, ord($buffer[$i+3]));
+                }
+                if (in_array(METHOD_USER_PASS, $methods))
+                {
+                    $connection->send("\x05\x02");
+                    $connection->stage = STAGE_AUTH;
+                    return;
+                }
+                echo "client does not support user/pass auth\n";
+                $connection->send("\x05\xff");
+                $connection->stage = STAGE_DESTROYED;
+                $connection->close();
+                return;
+            }
             $connection->send("\x05\x00");
             $connection->stage = STAGE_ADDR;
             return;
+        case STAGE_AUTH:
+            $userlen = ord($buffer[1]);
+            $user = substr($buffer, 2, $userlen);
+            $passlen = ord($buffer[2 + $userlen]);
+            $pass = substr($buffer, 3 + $userlen, $passlen);
+            if ($user == $USERNAME && $pass == $PASSWORD)
+            {
+                $connection->send("\x05\x00");
+                $connection->stage = STAGE_ADDR;
+                return;
+            }
+            echo "auth failed\n";
+            $connection->send("\x05\x01");
+            $connection->stage = STAGE_DESTROYED;
+            $connection->close();
+            return;
         case STAGE_ADDR:
             $cmd = ord($buffer[1]);
             if($cmd != CMD_CONNECT)
             {
-               echo "bad cmd $cmd\n";
-               $connection->close();
-               return;
+                echo "bad cmd $cmd\n";
+                $connection->close();
+                return;
             }
             $header_data = parse_socket5_header($buffer);
             if(!$header_data)