diff --git a/api/auth/Login.php b/api/auth/Login.php
index 8e4dd3e61a5577fec5789d57a2bec79bd2ee2637..19b08b93699796e1bdb182850be34abe1d8dbb10 100644
--- a/api/auth/Login.php
+++ b/api/auth/Login.php
@@ -5,18 +5,20 @@ include "../../config/config.php";
 include "../../app/core/database.php";
 
 $key = "mahasiswa_leveling";
-
 $username = $_POST['username'];
-$uen_password = $_POST['password'];
-$password = openssl_encrypt($uen_password, "AES-256-CBC", $key, 0, substr(md5($key), 0, 16));
-
+$password = $_POST['password'];
+// $password = openssl_encrypt($uen_password, "AES-256-CBC", $key, 0, substr(md5($key), 0, 16));
 $conn = Database::getInstance();
+$query = "SELECT * FROM users WHERE username = ?";
+$stmt = $conn->prepare($query);
+$stmt->bind_param("s", $username);
+$stmt->execute();
+$result = $stmt->get_result();
+$data = $result->fetch_assoc();
+$hashPassword = $data['password'];
 
-$result = $conn->query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
-
-if ($result->num_rows > 0) {
+if (password_verify($password, $hashPassword)) {
     $_SESSION['username'] = $username; // Menyimpan username dalam sesi
-    $data = $result->fetch_assoc();
     $_SESSION['isAdmin'] = $data['isAdmin']; // Menyimpan isAdmin dalam sesi
     echo 'success';
 } else {
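Review bot: When the username does not exist, `fetch_assoc()` returns null, so `$hashPassword = $data['password'];` raises a warning and hands null to `password_verify()`; check the row before indexing it, e.g. `if ($data !== null && password_verify($password, $data['password'])) {`. The success branch writes `$_SESSION['username']` and `$_SESSION['isAdmin']` without renewing the session id, so adding `session_regenerate_id(true);` as its first line would guard against session fixation (assuming the session is started in one of the includes, which the hunk does not show). Rows whose `password` column still holds the old AES-encrypted value will presumably never pass `password_verify()`, so those accounts need a reset or re-hash path. The commented-out `openssl_encrypt` line and the hard-coded `$key`, which looks unused now, are better deleted than kept. The `else` branch continues past the end of the hunk.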