diff --git a/controllers/authController.js b/controllers/authController.js
deleted file mode 100644
index 8f4fba10d2aaae77d7ebdc840ed78d0c84070ab0..0000000000000000000000000000000000000000
--- a/controllers/authController.js
+++ /dev/null
@@ -1,21 +0,0 @@
-exports.postRegister = async (req, res) => {
-    const { name, email, password, confirmPassword } = req.body;
-
-    if (password !== confirmPassword) {
-        return res.render('register', { message: 'Passwords do not match' });
-    }
-
-    try {
-        const existingUser = await User.findOne(email);
-        if (existingUser) {
-            return res.render('register', { message: 'Email already in use' });
-        }
-
-        const userId = await User.create(name, email, password);
-        req.session.userId = userId;
-        res.redirect('/login');
-    } catch (err) {
-        console.error('❌ Error creating user:', err);
-        res.render('register', { message: 'Error creating user' });
-    }
-};
diff --git a/controllers/tourController.js b/controllers/tourController.js
index d8139adc2f02fb2f0c92caba8bd20e8249e84aba..a6f5ca4680f96901605ffa10cd6325f977b621e8 100644
--- a/controllers/tourController.js
+++ b/controllers/tourController.js
@@ -1,4 +1,5 @@
 const Tour = require('../models/tourModel');
+const User = require('../models/tourModel');
 
 exports.getTours = async (req, res) => {
   try {
@@ -19,4 +20,57 @@ exports.getTourDetails = async (req, res) => {
   }
 };
 
+//User//
+exports.getLogin = (req, res) => {
+  res.render('login', { message: null });
+};
+
+exports.getRegister = (req, res) => {
+  res.render('register', { message: null });
+};
+
+exports.postRegister = async (req, res) => {
+  const { name, email, password, confirmPassword } = req.body;
+
+  if (password !== confirmPassword) {
+      return res.render('register', { message: 'Passwords do not match' });
+  }
+
+  try {
+      const existingUser = await User.findOne(email);
+      if (existingUser) {
+          return res.render('register', { message: 'Email already in use' });
+      }
+
+      const userId = await User.create(name, email, password);
+      req.session.userId = userId;
+      res.redirect('/login');
+  } catch (err) {
+      console.error(err);
+      res.render('register', { message: 'Error creating user' });
+  }
+};
+
+exports.postLogin = async (req, res) => {
+  const { email, password } = req.body;
+
+  try {
+      const isMatch = await User.comparePassword(email, password);
+      if (!isMatch) {
+          return res.render('login', { message: 'Invalid email or password' });
+      }
+
+      req.session.userId = email;
+      res.redirect('/');
+  } catch (err) {
+      console.error(err);
+      res.render('login', { message: 'Error logging in' });
+  }
+};
+
+exports.logout = (req, res) => {
+  req.session.destroy(() => {
+      res.redirect('/login');
+  });
+};
 
diff --git a/models/tourModel.js b/models/tourModel.js
index 4e396541c924d4f174ca8ecc4e20c59b6fec22c4..8889f899dcb4a25e59151504464f3ee7aa7bff1b 100644
--- a/models/tourModel.js
+++ b/models/tourModel.js
@@ -12,4 +12,39 @@ class Tour {
   }
 }
 
+class User {
+    static async findOne(email) {
+        try {
+            const [rows] = await db.query('SELECT * FROM users WHERE email = ?', [email]);
+            return rows.length > 0 ? rows[0] : null;
+        } catch (err) {
+            throw err;
+        }
+    }
+
+    static async create(name, email, password) {
+        try {
+            const hashedPassword = await bcrypt.hash(password, 10);
+            const [result] = await db.query(
+                'INSERT INTO users (name, email, password) VALUES (?, ?, ?)',
+                [name, email, hashedPassword]
+            );
+            return result.insertId;
+        } catch (err) {
+            throw err;
+        }
+    }
+
+    static async comparePassword(email, password) {
+        try {
+            const user = await User.findOne(email);
+            if (!user) return false;
+            return await bcrypt.compare(password, user.password);
+        } catch (err) {
+            throw err;
+        }
+    }
+}
+
+module.exports = User;
 module.exports = Tour;
diff --git a/models/userModel.js b/models/userModel.js
deleted file mode 100644
index 65c7770aaf4aeb0152c84b8896925e4025d18895..0000000000000000000000000000000000000000
--- a/models/userModel.js
+++ /dev/null
@@ -1,38 +0,0 @@
-const db = require('../config/database'); // เชื่อมต่อ MySQL
-const bcrypt = require('bcryptjs');
-
-class User {
-    static async findOne(email) {
-        try {
-            const [rows] = await db.query('SELECT * FROM users WHERE email = ?', [email]);
-            return rows.length > 0 ? rows[0] : null;
-        } catch (err) {
-            throw err;
-        }
-    }
-
-    static async create(name, email, password) {
-        try {
-            const hashedPassword = await bcrypt.hash(password, 10);
-            const [result] = await db.query(
-                'INSERT INTO users (name, email, password) VALUES (?, ?, ?)',
-                [name, email, hashedPassword]
-            );
-            return result.insertId;
-        } catch (err) {
-            throw err;
-        }
-    }
-
-    static async comparePassword(email, password) {
-        try {
-            const user = await User.findOne(email);
-            if (!user) return false;
-            return await bcrypt.compare(password, user.password);
-        } catch (err) {
-            throw err;
-        }
-    }
-}
-
-module.exports = User;
diff --git a/server.js b/server.js
index fd81c0a32a903ddd8beda96b8d98c79cc4bc016d..ff3eb690966a8a5cb4eeeae3777b2345a662b901 100644
--- a/server.js
+++ b/server.js
@@ -15,7 +15,7 @@ app.use('/', tourRoutes);
 app.use('/login', tourRoutes);
 app.use('/register', tourRoutes);
 
-const PORT = process.env.PORT || 3306;
+const PORT = process.env.PORT || 3000;
 app.listen(PORT, () => {
   console.log(`Server is running on port ${PORT}`);
 });