diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index fbb2e3b..292670a 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -35,14 +35,18 @@ class AuthController extends Controller
 return response()->json(['status' => 'error', 'message' => 'You must fill all the fields'], 400);
 }
- if (User::where('username', $username)->exists()) {
+ $userQuery = User::query()
+ ->where('username',$username);
+
+ if ($userQuery->exists()) {
 $usernameCheck = true;
- }
- if (User::where('password', md5($password))->exists()) {
- $passwordCheck = true;
+ $passwordValue = $userQuery->first()->password;
+ if($passwordValue === md5($password)) {
+ $passwordCheck = true;
+ }
 }
- if ($usernameCheck & $passwordCheck) {
+ if ($usernameCheck && $passwordCheck) {
 $user = User::where([['username', $username],['password', md5($password)]])->first();
 $checkExpiredOspro = $this->setExpiredTimeOspro($user['company_id']);
 if($checkExpiredOspro === false && $user['company_id'] != null) {
@@ -113,14 +117,10 @@ class AuthController extends Controller
 ),
 ]);
 } else {
- if (!$usernameCheck && !$passwordCheck) {
- return response()->json(['code' => 201, 'message' => "Username and password doesn't match"], 201);
- }
- if (!$passwordCheck) {
- return response()->json(['code' => 201, 'message' => "Password doesn't match"], 201);
- }
- if (!$usernameCheck) {
- return response()->json(['code' => 201, 'message' => "Username doesn't match"], 201);
+ if (!$usernameCheck || !$passwordCheck) {
+ return response()->json(['code' => 201, 'message' => "Username or password doesn't match"], 201);
+ } else {
+ return response()->json(['code' => 500, 'message' => "Server error"], 500);
 }
 }
 }
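Review bot: The password check in the first hunk still compares against an unsalted `md5($password)` digest, so the stored values remain cheap to brute-force if the users table is ever disclosed, and `===` is not a constant-time comparison. As an interim step the comparison could be `if (hash_equals((string) $passwordValue, md5($password))) {`, with a planned migration to `password_hash()`/`password_verify()` that re-hashes each account on its next successful login. `$userQuery->exists()` followed by `$userQuery->first()->password` also runs two queries and dereferences a possible null if the row disappears in between; fetching once with `$matched = $userQuery->first();` and testing `$matched !== null` avoids both. The enclosing method starts and ends outside this hunk.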
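Review bot: In the second hunk the failed-login response still uses HTTP status 201, a success code, so access logs, rate limiters and alerting that key on 401/4xx will not register failed authentication attempts; consider `return response()->json(['code' => 401, 'message' => "Username or password doesn't match"], 401);` after confirming that no client depends on 201. The added `else` returning 500 appears unreachable: if this block is the `else` of `if ($usernameCheck && $passwordCheck)` (the pairing is not fully visible here), `!$usernameCheck || !$passwordCheck` is always true, so the inner condition can be dropped and the single return kept. The enclosing method starts outside this hunk.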