diff --git a/auth.php b/auth.php
index 4fddfdb..e0a1be1 100644
--- a/auth.php
+++ b/auth.php
@@ -2,51 +2,81 @@
 session_start();
 require_once __DIR__ . '/db/config.php';
 
+header('Content-Type: application/json');
+
 $action = $_GET['action'] ?? '';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $pdo = db();
-    if ($action === 'register') {
-        $username = trim($_POST['username']);
-        $password = $_POST['password'];
-        $confirm_password = $_POST['confirm_password'];
+    try {
+        $pdo = db();
+        if ($action === 'register') {
+            $username = trim($_POST['username'] ?? '');
+            $password = $_POST['password'] ?? '';
+            $confirm_password = $_POST['confirm_password'] ?? '';
 
-        if ($password !== $confirm_password) {
-            die("Passwords do not match.");
-        }
+            if (empty($username) || empty($password)) {
+                echo json_encode(['code' => 1, 'msg' => '用户名和密码不能为空']);
+                exit;
+            }
 
-        $hash = password_hash($password, PASSWORD_DEFAULT);
-        
-        // Check if this is the first user
-        $stmt = $pdo->query("SELECT COUNT(*) FROM users");
-        $count = $stmt->fetchColumn();
-        $role = ($count == 0) ? 'admin' : 'user';
+            if ($password !== $confirm_password) {
+                echo json_encode(['code' => 1, 'msg' => '两次输入的密码不一致']);
+                exit;
+            }
+
+            // Check if user exists
+            $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
+            $stmt->execute([$username]);
+            if ($stmt->fetch()) {
+                echo json_encode(['code' => 1, 'msg' => '用户名已存在']);
+                exit;
+            }
+
+            $hash = password_hash($password, PASSWORD_DEFAULT);
+            
+            // Check if this is the first user
+            $stmt = $pdo->query("SELECT COUNT(*) FROM users");
+            $count = $stmt->fetchColumn();
+            $role = ($count == 0) ? 'admin' : 'user';
 
-        try {
             $stmt = $pdo->prepare("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)");
             $stmt->execute([$username, $hash, $role]);
-            header('Location: index.php?registered=1');
-            exit;
-        } catch (PDOException $e) {
-            die("Registration failed: " . $e->getMessage());
-        }
-    } elseif ($action === 'login') {
-        $username = trim($_POST['username']);
-        $password = $_POST['password'];
+            
+            // Auto login after registration
+            $userId = $pdo->lastInsertId();
+            $_SESSION['user_id'] = $userId;
+            $_SESSION['username'] = $username;
+            $_SESSION['role'] = $role;
 
-        $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
-        $stmt->execute([$username]);
-        $user = $stmt->fetch();
-
-        if ($user && password_verify($password, $user['password_hash'])) {
-            $_SESSION['user_id'] = $user['id'];
-            $_SESSION['username'] = $user['username'];
-            $_SESSION['role'] = $user['role'];
-            header('Location: dashboard.php');
+            echo json_encode(['code' => 0, 'msg' => '注册成功']);
             exit;
-        } else {
-            die("Invalid credentials.");
+        } elseif ($action === 'login') {
+            $username = trim($_POST['username'] ?? '');
+            $password = $_POST['password'] ?? '';
+
+            if (empty($username) || empty($password)) {
+                echo json_encode(['code' => 1, 'msg' => '用户名和密码不能为空']);
+                exit;
+            }
+
+            $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
+            $stmt->execute([$username]);
+            $user = $stmt->fetch();
+
+            if ($user && password_verify($password, $user['password_hash'])) {
+                $_SESSION['user_id'] = $user['id'];
+                $_SESSION['username'] = $user['username'];
+                $_SESSION['role'] = $user['role'];
+                echo json_encode(['code' => 0, 'msg' => '登录成功']);
+                exit;
+            } else {
+                echo json_encode(['code' => 1, 'msg' => '用户名或密码错误']);
+                exit;
+            }
         }
+    } catch (Exception $e) {
+        echo json_encode(['code' => 1, 'msg' => '服务器错误: ' . $e->getMessage()]);
+        exit;
     }
 }
 
@@ -55,3 +85,5 @@ if ($action === 'logout') {
     header('Location: index.php');
     exit;
 }
+
+echo json_encode(['code' => 1, 'msg' => '无效的请求']);
\ No newline at end of file
diff --git a/db/schema.sql b/db/schema.sql
index 3b3c087..d01b773 100644
--- a/db/schema.sql
+++ b/db/schema.sql
@@ -27,6 +27,7 @@ CREATE TABLE IF NOT EXISTS sms_orders (
     cost DECIMAL(10, 2),
     sms_content TEXT,
     status ENUM('pending', 'received', 'canceled', 'expired') DEFAULT 'pending',
+    expire_at TIMESTAMP NULL,
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     FOREIGN KEY (user_id) REFERENCES users(id)
 );
@@ -59,4 +60,4 @@ ON DUPLICATE KEY UPDATE setting_value = VALUES(setting_value);
 -- Default Admin (admin / admin123)
 INSERT INTO users (username, password_hash, role) VALUES 
 ('admin', '$2y$10$QbKYSCqJI0WQLyf6NNSML.ukYrOZ0MdY61ZpK7Ekn5QQ/A9oDr.hu', 'admin')
-ON DUPLICATE KEY UPDATE role = 'admin';
+ON DUPLICATE KEY UPDATE role = 'admin';
\ No newline at end of file