diff --git a/controllers/authController.js b/controllers/authController.js
new file mode 100644
index 0000000000000000000000000000000000000000..8f4fba10d2aaae77d7ebdc840ed78d0c84070ab0
--- /dev/null
+++ b/controllers/authController.js
@@ -0,0 +1,21 @@
+exports.postRegister = async (req, res) => {
+    const { name, email, password, confirmPassword } = req.body;
+
+    if (password !== confirmPassword) {
+        return res.render('register', { message: 'Passwords do not match' });
+    }
+
+    try {
+        const existingUser = await User.findOne(email);
+        if (existingUser) {
+            return res.render('register', { message: 'Email already in use' });
+        }
+
+        const userId = await User.create(name, email, password);
+        req.session.userId = userId;
+        res.redirect('/login');
+    } catch (err) {
+        console.error('❌ Error creating user:', err);
+        res.render('register', { message: 'Error creating user' });
+    }
+};
diff --git a/controllers/tourController.js b/controllers/tourController.js
index 31509750281c50fd86749a5021dd46b996e1f88b..d8139adc2f02fb2f0c92caba8bd20e8249e84aba 100644
--- a/controllers/tourController.js
+++ b/controllers/tourController.js
@@ -19,58 +19,4 @@ exports.getTourDetails = async (req, res) => {
   }
 };
 
-const User = require('../models/tourModel');
-
-exports.getLogin = (req, res) => {
-  res.render('login', { message: null });
-};
-
-exports.getRegister = (req, res) => {
-  res.render('register', { message: null });
-};
-
-exports.postRegister = async (req, res) => {
-  const { name, email, password, confirmPassword } = req.body;
-
-  if (password !== confirmPassword) {
-      return res.render('register', { message: 'Passwords do not match' });
-  }
-
-  try {
-      const existingUser = await User.findOne(email);
-      if (existingUser) {
-          return res.render('register', { message: 'Email already in use' });
-      }
-
-      const userId = await User.create(name, email, password);
-      req.session.userId = userId;
-      res.redirect('/login');
-  } catch (err) {
-      console.error(err);
-      res.render('register', { message: 'Error creating user' });
-  }
-};
-
-exports.postLogin = async (req, res) => {
-  const { email, password } = req.body;
-
-  try {
-      const isMatch = await User.comparePassword(email, password);
-      if (!isMatch) {
-          return res.render('login', { message: 'Invalid email or password' });
-      }
-
-      req.session.userId = email;
-      res.redirect('/');
-  } catch (err) {
-      console.error(err);
-      res.render('login', { message: 'Error logging in' });
-  }
-};
-
-exports.logout = (req, res) => {
-  req.session.destroy(() => {
-      res.redirect('/login');
-  });
-};
 
diff --git a/models/tourModel.js b/models/tourModel.js
index 8889f899dcb4a25e59151504464f3ee7aa7bff1b..4e396541c924d4f174ca8ecc4e20c59b6fec22c4 100644
--- a/models/tourModel.js
+++ b/models/tourModel.js
@@ -12,39 +12,4 @@ class Tour {
   }
 }
 
-class User {
-    static async findOne(email) {
-        try {
-            const [rows] = await db.query('SELECT * FROM users WHERE email = ?', [email]);
-            return rows.length > 0 ? rows[0] : null;
-        } catch (err) {
-            throw err;
-        }
-    }
-
-    static async create(name, email, password) {
-        try {
-            const hashedPassword = await bcrypt.hash(password, 10);
-            const [result] = await db.query(
-                'INSERT INTO users (name, email, password) VALUES (?, ?, ?)',
-                [name, email, hashedPassword]
-            );
-            return result.insertId;
-        } catch (err) {
-            throw err;
-        }
-    }
-
-    static async comparePassword(email, password) {
-        try {
-            const user = await User.findOne(email);
-            if (!user) return false;
-            return await bcrypt.compare(password, user.password);
-        } catch (err) {
-            throw err;
-        }
-    }
-}
-
-module.exports = User;
 module.exports = Tour;
diff --git a/models/userModel.js b/models/userModel.js
new file mode 100644
index 0000000000000000000000000000000000000000..65c7770aaf4aeb0152c84b8896925e4025d18895
--- /dev/null
+++ b/models/userModel.js
@@ -0,0 +1,38 @@
+const db = require('../config/database'); // เชื่อมต่อ MySQL
+const bcrypt = require('bcryptjs');
+
+class User {
+    static async findOne(email) {
+        try {
+            const [rows] = await db.query('SELECT * FROM users WHERE email = ?', [email]);
+            return rows.length > 0 ? rows[0] : null;
+        } catch (err) {
+            throw err;
+        }
+    }
+
+    static async create(name, email, password) {
+        try {
+            const hashedPassword = await bcrypt.hash(password, 10);
+            const [result] = await db.query(
+                'INSERT INTO users (name, email, password) VALUES (?, ?, ?)',
+                [name, email, hashedPassword]
+            );
+            return result.insertId;
+        } catch (err) {
+            throw err;
+        }
+    }
+
+    static async comparePassword(email, password) {
+        try {
+            const user = await User.findOne(email);
+            if (!user) return false;
+            return await bcrypt.compare(password, user.password);
+        } catch (err) {
+            throw err;
+        }
+    }
+}
+
+module.exports = User;
diff --git a/routes/tourRoutes.js b/routes/tourRoutes.js
index 517bde758ff71d16fca41d5f014eed91c0df69d0..ca500af9473b89202b719edf2ffcf3d04e89ad04 100644
--- a/routes/tourRoutes.js
+++ b/routes/tourRoutes.js
@@ -1,13 +1,14 @@
 const express = require('express');
 const router = express.Router();
 const tourController = require('../controllers/tourController');
+const authController = require('../controllers/authController');
 
 router.get('/', tourController.getTours);
 router.get('/tour/:id', tourController.getTourDetails);
-router.get('/login', tourController.getLogin);
-router.get('/register', tourController.getRegister);
-router.post('/login', tourController.postLogin);
-router.post('/register', tourController.postRegister);
+router.get('/login', authController.getLogin);
+router.get('/register', authController.getRegister);
+router.post('/login', authController.postLogin);
+router.post('/register', authController.postRegister);
 
 
 module.exports = router;