diff --git a/app/Http/Controllers/Api/AuthApiController.php b/app/Http/Controllers/Api/AuthApiController.php
index bb1bc68..7161bae 100755
--- a/app/Http/Controllers/Api/AuthApiController.php
+++ b/app/Http/Controllers/Api/AuthApiController.php
@@ -11,6 +11,7 @@ use App\Models\User;
 use App\Models\Agent;
 use App\Models\AgentUser;
 use App\Http\Requests\Api\RegisterApiRequest;
+use App\Http\Requests\Api\LoginApiRequest;
 
 class AuthApiController extends BaseAuthApiController
 {
@@ -21,20 +22,20 @@ class AuthApiController extends BaseAuthApiController
     const GENERAL = 'general';
 
     //
-    public function login(Request $request)
+    public function login(LoginApiRequest $request)
     {
-        $validator = \Illuminate\Support\Facades\Validator::make($request->all(), [
-            'username' => 'required|email',
-            'password' => 'required'
-        ]);
-        if ($validator->fails()) {
-            return $this->sendError('Validation Error.', $validator->errors());
+        if (filter_var($request->username, FILTER_VALIDATE_EMAIL)) {
+            $user = User::where('email', $request->username)->first();
+        } else {
+            $user = User::where('phone', $request->username)->first();
         }
-
-        if (!Auth::attempt(['email' => $request->username, 'password' => $request->password])) {
-            return $this->sendError('Unauthorised.', ['error' => 'Unauthorised']);
+        if(empty($user)){
+            return response()->json(['status' =>false, 'msg' => 'Email hoặc SDT chưa được đăng ký.'], parent::HTTP_OK);
         }
-        $user = User::where('email', $request->username)->first();
+        if (!Auth::attempt(['id' => $user->id, 'password' => $request->password])) {
+            return response()->json(['Tài khoản hoặc mật khẩu không chính xác. Vui lòng thử lại.'], parent::HTTP_OK);
+        }
+        $user = User::find($user->id);
 
         if (empty($user)) {
             $this->sendError('Error: ', ['error' => 'Email invalid']);
@@ -90,10 +91,10 @@ class AuthApiController extends BaseAuthApiController
         // if ($validator->fails()) {
         //     return $this->sendError('Validation Error.', $validator->errors());
         // }
-        
+
         $checkUserAgent = AgentUser::where('code', '=', $request->agents_code)->first();
         if (empty($checkUserAgent)) {
-            return response()->json(['status' => false, 'message' => 'Đăng ký thất bại, Không tìm thấy đại lý.']);
+            return response()->json(['status' => false, 'msg' => 'Đăng ký thất bại, Không tìm thấy đại lý.']);
         }
 
         $dataInsert = $this->transformRegisterData($request->all());
@@ -132,7 +133,7 @@ class AuthApiController extends BaseAuthApiController
         // Response
         return response()->json([
             'status' => true,
-            'message' => 'Đăng xuất thành công.'
+            'msg' => 'Đăng xuất thành công.'
         ]);
     }
     function transformRegisterData($data)
diff --git a/app/Http/Controllers/Api/BaseAuthApiController.php b/app/Http/Controllers/Api/BaseAuthApiController.php
index aa479c9..3909b4a 100644
--- a/app/Http/Controllers/Api/BaseAuthApiController.php
+++ b/app/Http/Controllers/Api/BaseAuthApiController.php
@@ -1,11 +1,76 @@
 <?php
 
 namespace App\Http\Controllers\Api;
+
 use Illuminate\Http\Request;
 use App\Http\Controllers\Controller as Controller;
 
 class BaseAuthApiController extends Controller
 {
+
+    const HTTP_CONTINUE = 100;
+    const HTTP_SWITCHING_PROTOCOLS = 101;
+    const HTTP_PROCESSING = 102;            // RFC2518
+    const HTTP_OK = 200;
+    const HTTP_CREATED = 201;
+    const HTTP_ACCEPTED = 202;
+    const HTTP_NON_AUTHORITATIVE_INFORMATION = 203;
+    const HTTP_NO_CONTENT = 204;
+    const HTTP_RESET_CONTENT = 205;
+    const HTTP_PARTIAL_CONTENT = 206;
+    const HTTP_MULTI_STATUS = 207;          // RFC4918
+    const HTTP_ALREADY_REPORTED = 208;      // RFC5842
+    const HTTP_IM_USED = 226;               // RFC3229
+    const HTTP_MULTIPLE_CHOICES = 300;
+    const HTTP_MOVED_PERMANENTLY = 301;
+    const HTTP_FOUND = 302;
+    const HTTP_SEE_OTHER = 303;
+    const HTTP_NOT_MODIFIED = 304;
+    const HTTP_USE_PROXY = 305;
+    const HTTP_RESERVED = 306;
+    const HTTP_TEMPORARY_REDIRECT = 307;
+    const HTTP_PERMANENTLY_REDIRECT = 308;  // RFC7238
+    const HTTP_BAD_REQUEST = 400;
+    const HTTP_UNAUTHORIZED = 401;
+    const HTTP_PAYMENT_REQUIRED = 402;
+    const HTTP_FORBIDDEN = 403;
+    const HTTP_NOT_FOUND = 404;
+    const HTTP_METHOD_NOT_ALLOWED = 405;
+    const HTTP_NOT_ACCEPTABLE = 406;
+    const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
+    const HTTP_REQUEST_TIMEOUT = 408;
+    const HTTP_CONFLICT = 409;
+    const HTTP_GONE = 410;
+    const HTTP_LENGTH_REQUIRED = 411;
+    const HTTP_PRECONDITION_FAILED = 412;
+    const HTTP_REQUEST_ENTITY_TOO_LARGE = 413;
+    const HTTP_REQUEST_URI_TOO_LONG = 414;
+    const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
+    const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416;
+    const HTTP_EXPECTATION_FAILED = 417;
+    const HTTP_I_AM_A_TEAPOT = 418;                                               // RFC2324
+    const HTTP_MISDIRECTED_REQUEST = 421;                                         // RFC7540
+    const HTTP_UNPROCESSABLE_ENTITY = 422;                                        // RFC4918
+    const HTTP_LOCKED = 423;                                                      // RFC4918
+    const HTTP_FAILED_DEPENDENCY = 424;                                           // RFC4918
+    const HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL = 425;   // RFC2817
+    const HTTP_UPGRADE_REQUIRED = 426;                                            // RFC2817
+    const HTTP_PRECONDITION_REQUIRED = 428;                                       // RFC6585
+    const HTTP_TOO_MANY_REQUESTS = 429;                                           // RFC6585
+    const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431;                             // RFC6585
+    const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451;
+    const HTTP_INTERNAL_SERVER_ERROR = 500;
+    const HTTP_NOT_IMPLEMENTED = 501;
+    const HTTP_BAD_GATEWAY = 502;
+    const HTTP_SERVICE_UNAVAILABLE = 503;
+    const HTTP_GATEWAY_TIMEOUT = 504;
+    const HTTP_VERSION_NOT_SUPPORTED = 505;
+    const HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL = 506;                        // RFC2295
+    const HTTP_INSUFFICIENT_STORAGE = 507;                                        // RFC4918
+    const HTTP_LOOP_DETECTED = 508;                                               // RFC5842
+    const HTTP_NOT_EXTENDED = 510;                                                // RFC2774
+    const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511;   
+                              // RFC6585
     /**
      * success response method.
      *
@@ -13,9 +78,9 @@ class BaseAuthApiController extends Controller
      */
     public function sendResponse($result, $message)
     {
-    	$response = [
+        $response = [
             'success' => true,
-            'data'    => $result,
+            'data' => $result,
             'message' => $message,
         ];
         return response()->json($response, 200);
@@ -28,12 +93,12 @@ class BaseAuthApiController extends Controller
      */
     public function sendError($error, $errorMessages = [], $code = 404)
     {
-    	$response = [
+        $response = [
             'success' => false,
             'message' => $error,
         ];
 
-        if(!empty($errorMessages)){
+        if (!empty($errorMessages)) {
             $response['data'] = $errorMessages;
         }
         return response()->json($response, $code);
diff --git a/app/Http/Requests/Api/LoginApiRequest.php b/app/Http/Requests/Api/LoginApiRequest.php
new file mode 100755
index 0000000..3cdc3a7
--- /dev/null
+++ b/app/Http/Requests/Api/LoginApiRequest.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace App\Http\Requests\Api;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Contracts\Validation\Validator;
+use Illuminate\Http\Exceptions\HttpResponseException;
+
+
+class LoginApiRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, mixed>
+     */
+    public function rules()
+    {
+        return [
+            'username' => 'required|email_or_phone',
+            'password' => 'required'
+        ];
+    }
+    /**
+     * Get the error messages for the defined validation rules.
+     *
+     * @return array
+     */
+    public function messages()
+    {
+        return [
+            'username.email_or_phone' => 'Tên đăng nhập phải là email hoặc số điện thoại hợp lệ.',
+            'username.required' => 'Tên đăng nhập không được để trống.',
+            'required.required' => 'Mật khẩu không được để trống.',
+        ];
+    }
+    /**
+     * Handle a failed validation attempt.
+     *
+     * @param  \Illuminate\Contracts\Validation\Validator  $validator
+     * @return void
+     *
+     * @throws \Illuminate\Http\Exceptions\HttpResponseException
+     */
+    protected function failedValidation(Validator $validator)
+    {
+        throw new HttpResponseException(response()->json([
+            'status' => false,
+            'msg' => $validator->errors()
+        ], 200));
+    }
+    
+}
diff --git a/app/Http/Requests/Api/RegisterApiRequest.php b/app/Http/Requests/Api/RegisterApiRequest.php
index 3c027ed..e91bb56 100755
--- a/app/Http/Requests/Api/RegisterApiRequest.php
+++ b/app/Http/Requests/Api/RegisterApiRequest.php
@@ -72,7 +72,7 @@ class RegisterApiRequest extends FormRequest
     {
         throw new HttpResponseException(response()->json([
             'status' => false,
-            'message' => $validator->errors()
+            'msg' => $validator->errors()
         ], 200));
     }
     
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index ee8ca5b..310ab14 100755
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -3,6 +3,7 @@
 namespace App\Providers;
 
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Support\Facades\Validator;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -23,6 +24,19 @@ class AppServiceProvider extends ServiceProvider
      */
     public function boot()
     {
-        //
+        Validator::extend('email_or_phone', function($attribute, $value, $parameters, $validator) {
+            // check email
+            if (filter_var($value, FILTER_VALIDATE_EMAIL)) {
+                return true;
+            }
+
+            // check phone
+            $phoneRegex = '/^[0-9]{9,11}$/'; // custom phone here
+            return preg_match($phoneRegex, $value);
+        });
+
+        Validator::replacer('email_or_phone', function($message, $attribute, $rule, $parameters) {
+            return str_replace(':attribute', $attribute, ':attribute phải là email hoặc số điện thoại hợp lệ.');
+        });
     }
 }