diff --git a/controllers/tourController.js b/controllers/tourController.js
index e861f86f126cd0691c3bde541449729b64d43356..287f30dfde9e9a17c0696096399627c3d60d7472 100644
--- a/controllers/tourController.js
+++ b/controllers/tourController.js
@@ -21,19 +21,38 @@ exports.getTourDetails = async (req, res) => {
 
 const User = require('../models/tourModel');
 
+exports.getLogin = (req, res) => {
+    res.render('login', { message: null });
+};
+
+exports.getRegister = (req, res) => {
+    res.render('register', { message: null });
+};
+
 exports.postLogin = (req, res) => {
-  const { email, password } = req.body;
+    const { email, password } = req.body;
+    User.comparePassword(email, password, (err, isMatch) => {
+        if (err || !isMatch) {
+            return res.render('login', { message: 'Invalid email or password' });
+        }
+        req.session.userId = email; // สามารถเก็บ ID หรืออีเมลของผู้ใช้ได้
+        res.redirect('/');
+    });
+};
 
-  User.comparePassword(req.db, email, password, (err, isMatch) => {
-      if (err) {
-          return res.status(500).json({ error: 'Error checking password' });
-      }
-      if (isMatch) {
-          // รหัสผ่านถูกต้อง
-          res.send('Login successful');
-      } else {
-          // รหัสผ่านไม่ตรง
-          res.status(400).send('Invalid credentials');
-      }
-  });
+exports.postRegister = (req, res) => {
+    const { name, email, password, confirmPassword } = req.body;
+    if (password !== confirmPassword) {
+        return res.render('register', { message: 'Passwords do not match' });
+    }
+    User.findOne(email, (err, user) => {
+        if (user) {
+            return res.render('register', { message: 'Email already in use' });
+        }
+        User.create(name, email, password, (err, userId) => {
+            if (err) return res.render('register', { message: 'Error creating user' });
+            req.session.userId = userId;
+            res.redirect('/');
+        });
+    });
 };
diff --git a/models/tourModel.js b/models/tourModel.js
index b8413ae007e262b75eb3ecfe999eb28207c01502..d9c0da9f42baa86c0b938b5a5d84a9d111433ea7 100644
--- a/models/tourModel.js
+++ b/models/tourModel.js
@@ -15,34 +15,31 @@ class Tour {
 const bcrypt = require('bcryptjs');
 
 class User {
-    // ค้นหาผู้ใช้จากอีเมล
-    static findOne(db, email, callback) {
+    static findOne(email, callback) {
         const query = 'SELECT * FROM users WHERE email = ?';
-        db.query(query, [email], (err, results) => {
+        req.db.query(query, [email], (err, results) => {
             if (err) return callback(err);
             callback(null, results[0]);
         });
     }
 
-    // สร้างผู้ใช้ใหม่และเก็บรหัสผ่านที่เข้ารหัส
-    static create(db, name, email, password, callback) {
+    static create(name, email, password, callback) {
         const query = 'INSERT INTO users (name, email, password) VALUES (?, ?, ?)';
         bcrypt.hash(password, 10, (err, hashedPassword) => {
             if (err) return callback(err);
-            db.query(query, [name, email, hashedPassword], (err, results) => {
+            req.db.query(query, [name, email, hashedPassword], (err, results) => {
                 if (err) return callback(err);
                 callback(null, results.insertId);
             });
         });
     }
 
-    // เปรียบเทียบรหัสผ่านที่ผู้ใช้กรอกกับรหัสผ่านที่เก็บในฐานข้อมูล
-    static comparePassword(db, email, password, callback) {
-        User.findOne(db, email, (err, user) => {
+    static comparePassword(email, password, callback) {
+        User.findOne(email, (err, user) => {
             if (err || !user) return callback(err || 'User not found');
             bcrypt.compare(password, user.password, (err, isMatch) => {
                 if (err) return callback(err);
-                callback(null, isMatch);  // isMatch จะเป็น true ถ้ารหัสผ่านตรงกัน
+                callback(null, isMatch);
             });
         });
     }