diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 67ad016..d898cf9 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -8,7 +8,9 @@ use Illuminate\Support\Facades\Hash;
 
 use App\Models\User;
 use App\Models\Role;
-
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Validation\ValidationException;
 class AuthController extends Controller
 {
 	public function __construct()
@@ -26,48 +28,65 @@ class AuthController extends Controller
 		if(empty($username) || empty($password))
 			return response()->json(['status'=>'error','message'=>'You must fill all the fields'], 400);
 
-		$user = User::where('username', $username)->where('password', md5($password))->first();
-
-		if($is_mobile){
-			$fcm_token = $request->fcm_token;
-
-			if(!$fcm_token || $fcm_token=="")
-				return response()->json(['status'=>'error','message'=>'FCM Token is required'], 400);
-
-			$dataUpdateFcm = array(
-				"fcm_token"=>$fcm_token
-			);
-
-			$hr = User::find($user->id);
-
-			if($hr)
-				$hr->update($dataUpdateFcm);
-		}
-
-		$dataRole = Role::find($user->role_id);
-
-		if($dataRole)
-			$user->role = $dataRole;
-
-		if (! $token =Auth::login($user))
-			return response()->json(['error' => 'Unauthorized'], 401);
-
-		$ttl = 60;
-		if($remember)
-			$ttl = 10080;
-
-		// todo : change existing md5 hashed function to laravel's originally bcrypt
-		/* $token = auth()->setTTL($ttl)->attempt(['username' => $username, 'password' => Hash::make($password)]); */
-		/* dd(response()->json(['code'=>'200', 'token' => $token, 'ttl' => $ttl])); */
-
-		return response()->json([
-			'code' => 200,
-			'data' => array(
-				'data_user' => $user,
-				'access_token' => $token,
-				'token_type' => 'bearer',
-				'expires_in' => auth()->factory()->getTTL() * $ttl,
-			),
-		]);
+		$usernameCheck = false;
+		$passwordCheck = false;
+		
+		if (User::where('username', $username)->exist()) 
+			$usernameCheck = true;
+
+		if (User::where('password', md5($password))->exists()) 
+			$passwordCheck = true;
+
+		if ($usernameCheck & $passwordCheck){
+			$user = User::where('username', $username)->where('password', md5($password))->first();
+			if($is_mobile){
+				$fcm_token = $request->fcm_token;
+
+				if(!$fcm_token || $fcm_token=="")
+					return response()->json(['status'=>'error','message'=>'FCM Token is required'], 400);
+
+				$dataUpdateFcm = array(
+					"fcm_token"=>$fcm_token
+				);
+
+				$hr = User::find($user->id);
+
+				if($hr)
+					$hr->update($dataUpdateFcm);
+			}
+
+			$dataRole = Role::find($user->role_id);
+
+			if($dataRole)
+				$user->role = $dataRole;
+
+			if (! $token =Auth::login($user))
+				return response()->json(['error' => 'Unauthorized'], 401);
+
+			$ttl = 60;
+			if($remember)
+				$ttl = 10080;
+
+			// todo : change existing md5 hashed function to laravel's originally bcrypt
+			/* $token = auth()->setTTL($ttl)->attempt(['username' => $username, 'password' => Hash::make($password)]); */
+			/* dd(response()->json(['code'=>'200', 'token' => $token, 'ttl' => $ttl])); */
+
+			return response()->json([
+				'code' => 200,
+				'data' => array(
+					'data_user' => $user,
+					'access_token' => $token,
+					'token_type' => 'bearer',
+					'expires_in' => auth()->factory()->getTTL() * $ttl,
+				),
+			]);
+		}else {
+			if (!$usernameCheck && !$passwordCheck)
+				return response()->json(['code' => 201, 'message' => "username and password doesn't match"], 201);
+			if (!$passwordCheck)
+				return response()->json(['code' => 201, 'message' => "password doesn't match"], 201);
+			if (!$usernameCheck)
+				return response()->json(['code' => 201, 'message' => "username doesn't match"], 201);
+		} 
 	}
 }
diff --git a/app/Http/Controllers/ReportActivityMaterialController.php b/app/Http/Controllers/ReportActivityMaterialController.php
index a661e80..a4a120b 100644
--- a/app/Http/Controllers/ReportActivityMaterialController.php
+++ b/app/Http/Controllers/ReportActivityMaterialController.php
@@ -124,7 +124,8 @@ class ReportActivityMaterialController extends Controller
 			return Datatables::of($data)
 				->addIndexColumn()
 				->addColumn('action', function($row){
-					$actionBtn = '<a href="javascript:void(0)" data-id="'.$row->id.'" class="delete btn btn-danger btn-sm btn-ram-delete"><i class="fa fa-trash"></i></a>';
+					$actionBtn = '<a href="javascript:void(0)" data-id="'.$row->id.'" class="info btn btn-info btn-sm btn-ram-image" data-toggle="tooltip" title="Lihat Foto Report" data-placement="top"><i class="fa fa-image"></i></a>';
+					$actionBtn .= '<a href="javascript:void(0)" data-id="'.$row->id.'" class="delete btn btn-danger btn-sm btn-ram-delete" data-toggle="tooltip" title="Hapus Report" data-placement="top"><i class="fa fa-trash"></i></a>';
 					return $actionBtn;
 				})
 				->rawColumns(['action'])->make(true);
diff --git a/app/Http/Controllers/WaypointController.php b/app/Http/Controllers/WaypointController.php
index f2d47ce..6702ca8 100644
--- a/app/Http/Controllers/WaypointController.php
+++ b/app/Http/Controllers/WaypointController.php
@@ -28,6 +28,32 @@ class WaypointController extends Controller
         }
     }
 
+    public function addBulk(Request $request)
+    {
+        $data = $request->all();
+        $now = date("Y-m-d H:i:s");
+        $data_send = array();
+
+        if (isset($data['wp_records']) && count($data['wp_records']) > 0) {
+            foreach($data['wp_records'] as $userLoc) {
+                $userLoc['created_at'] = $now;
+                $userLoc['created_by'] = $this->currentName;
+                $userLoc['updated_at'] = $now;
+                $userLoc['updated_by'] = $this->currentName;
+                $data_send[] = $userLoc;
+            }
+            $result = Waypoint::insert($data_send);
+            if($result){
+                return response()->json(['status'=>'success','message'=>'add waypoint successfully!','code'=>200], 200);
+            }else{
+                return response()->json(['status'=>'failed','message'=>'add waypoint failed!','code'=>400], 400);
+            }
+        }
+        else {
+            return response()->json(['status'=>'failed','message'=>'add waypoint failed!','code'=>400], 400);
+        }
+    }
+
     public function edit($id){
         if(!$id || (int) $id < 0 || $id==""){
             return response()->json(['status'=>'failed','message'=>'id is required!','code'=>400], 400);
diff --git a/rest-client.http b/rest-client.http
index 29a58e5..5fc4e13 100644
--- a/rest-client.http
+++ b/rest-client.http
@@ -795,17 +795,19 @@ GET {{hostname}}/presence/clockinout/262
 Authorization: Bearer {{token}}
 content-type: application/json
 
-
+#######
+"clock_out_lat": -1.4264273154149407, 
+    "clock_out_lng": 113.98530036945851, 
 ######
 POST {{hostname}}/presence/add
 Authorization: Bearer {{token}}
 content-type: application/json
 
 {
-    "clock_in_lat": -6.2622811, 
-    "clock_in_lng": 106.7881746, 
+    "clock_out_lat": -6.2622811, 
+    "clock_out_lng": 106.7881746, 
     "clock_time": "2023-02-06T16:40:17+07:00", 
-    "type": "in", 
+    "type": "out", 
     "user_id": 1
 }
 
diff --git a/routes/web.php b/routes/web.php
index f07588b..46b30a2 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -322,6 +322,7 @@ $router->group(['prefix'=>'api', 'middleware' => 'cors'], function () use ($rout
 		$router->post('/report-activity-material/update-status', 'ReportActivityMaterialController@updateStatusStartFinish');
 
 		$router->post('/waypoint/add', 'WaypointController@add');
+		$router->post('/waypoint/add-bulk', 'WaypointController@addBulk');
 		$router->get('/waypoint/edit/{id}', 'WaypointController@edit');
 		$router->put('/waypoint/update/{id}', 'WaypointController@update');
 		$router->post('/waypoint/search', 'WaypointController@search');