diff --git a/controllers/tourController.js b/controllers/tourController.js
index f6970549635d2d03d2a691066df136ce6f240e4f..9faf9bf113e2fe8512b53207a3d7e15f4f6bc4c8 100644
--- a/controllers/tourController.js
+++ b/controllers/tourController.js
@@ -57,20 +57,27 @@ exports.postLogin = async (req, res) => {
   const { email, password } = req.body;
 
   try {
-      const isMatch = await User.comparePassword(email, password);
+      const user = await User.findOne(email); // หาผู้ใช้จากฐานข้อมูล
+
+      if (!user) {
+          return res.render('login', { message: 'Invalid email or password' });
+      }
+
+      const isMatch = await User.comparePassword(email, password); // ตรวจสอบรหัสผ่าน
       if (!isMatch) {
           return res.render('login', { message: 'Invalid email or password' });
       }
 
-      req.session.userId = email;
-      req.session.userName = user.name;
-      res.redirect('/');
+      req.session.userId = user.email; // เก็บ email ใน session
+      req.session.userName = user.name; // เก็บชื่อผู้ใช้ใน session
+      res.redirect('/'); // เมื่อ login สำเร็จให้ไปหน้า home
   } catch (err) {
       console.error(err);
       res.render('login', { message: 'Error logging in' });
   }
 };
 
+
 exports.logout = (req, res) => {
   req.session.destroy(() => {
       res.redirect('/login');