diff --git a/app/api/auth/route.js b/app/api/auth/route.js
index bbb6c97..5f1bb5a 100644
--- a/app/api/auth/route.js
+++ b/app/api/auth/route.js
@@ -43,12 +43,8 @@ export async function POST(req) {
 } else if (action === 'login') {
- // Authenticate user using Supabase admin API (signInWithPassword)
- const { data, error } = await supabase.auth.admin.signInWithPassword({ email, password })
- if (error) {
- return new Response(JSON.stringify({ success: false, message: error.message }), { status: 400 })
- }
- return new Response(JSON.stringify({ success: true, message: 'Login successful.' }), { status: 200 })
+ // For login, only verify captcha and return success.
+ return new Response(JSON.stringify({ success: true, message: 'Captcha verified. You can now login using email/password.' }), { status: 200 })
 }
 // Invalid action
diff --git a/app/login/page.jsx b/app/login/page.jsx
index 7088bc6..fc16267 100644
--- a/app/login/page.jsx
+++ b/app/login/page.jsx
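Review bot: The new login branch returns `success: true` without anything that binds the server-side captcha result to the sign-in that follows, so the captcha check (presumably done earlier in POST, outside this hunk) no longer gates authentication at all: a caller can skip `/auth` entirely and call `supabase.auth.signInWithPassword` with the public anon key, which is exactly what app/login/page.jsx now does after receiving this response. If the captcha is meant to protect login, either keep the sign-in on the server (a non-admin server client calling `supabase.auth.signInWithPassword({ email, password })` and returning the session/cookies) or enable captcha protection in Supabase Auth and have the client pass `options: { captchaToken }` to `signInWithPassword`, which makes this branch redundant. The branch also still accepts `password` in the request body even though it no longer uses it; the client should stop sending the credential to an endpoint that does not need it. POST starts before this hunk.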
@@ -42,23 +42,30 @@ export default function LoginPage() {
 try {
 if (!captchaToken) throw new Error('Please complete captcha')
- const res = await fetch('/auth', {
- method: 'POST',
- headers: { 'Content-Type': 'application/json' },
- body: JSON.stringify({
- email,
- password,
- captchaToken,
- action: isLogin ? 'login' : 'signup'
- }),
- })
-
- const data = await res.json()
- if (!data.success) throw new Error(data.message || 'Action failed')
-
 if (isLogin) {
+ // Verify captcha first via API route
+ const verifyRes = await fetch('/auth', {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ email, password, captchaToken, action: 'login' }),
+ })
+ const verifyData = await verifyRes.json()
+ if (!verifyData.success) throw new Error(verifyData.message || 'Captcha verification failed')
+
+ // After captcha verified, login using frontend anon key
+ const { error } = await supabase.auth.signInWithPassword({ email, password })
+ if (error) throw error
+
 router.push('/dashboard')
 } else {
+ // Signup flow remains the same
+ const res = await fetch('/auth', {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ email, password, captchaToken, action: 'signup' }),
+ })
+ const data = await res.json()
+ if (!data.success) throw new Error(data.message || 'Signup failed')
 alert(data.message)
 setIsLogin(true)
 }
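Review bot: The captcha round-trip to `/auth` and the following `supabase.auth.signInWithPassword` are two unrelated requests, so nothing stops a caller from issuing the second one directly with the anon key and skipping the captcha; the `/auth` response is never consumed by the sign-in. If captcha protection is enabled in Supabase Auth, the token can be enforced by the auth service itself with `const { error } = await supabase.auth.signInWithPassword({ email, password, options: { captchaToken } })`, and the separate `/auth` call in the login branch can be dropped. As written, the login branch also posts the password to `/auth` although route.js no longer uses it for login (first hunk); sending `body: JSON.stringify({ captchaToken, action: 'login' })` keeps the credential out of that request and any logging on that path. Separately, `verifyRes.json()` on a non-JSON error response (for example a 500 HTML page) throws a SyntaxError that masks the real failure; checking `verifyRes.ok` before parsing would give a clearer message. The surrounding `try`/`catch` and the enclosing handler close outside the hunk.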