diff --git a/login.php b/login.php
index a7454f5..5bf65de 100644
--- a/login.php
+++ b/login.php
@@ -2,34 +2,18 @@
 session_start();
 require 'db.php';
-$ip = $_SERVER['REMOTE_ADDR'];
+if ($_POST) {
+    $stmt = $pdo->query("SELECT * FROM admin LIMIT 1");
+    $admin = $stmt->fetch();
-/* Rate limit: 1 post / minute */
-$stmt = $pdo->prepare("SELECT created_at FROM posts WHERE ip=? ORDER BY created_at DESC LIMIT 1");
-$stmt->execute([$ip]);
-$last = $stmt->fetch();
-
-if ($last && strtotime($last['created_at']) > time() - 60) {
-    die("Rate limit exceeded (1 post/minute)");
-}
-
-$imageName = null;
-
-if (!empty($_FILES['image']['name'])) {
-    if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
-        die("Image too large");
+    if ($admin && password_verify($_POST['password'], $admin['password_hash'])) {
+        $_SESSION['admin'] = true;
+        header("Location: index.php");
+        exit;
     }
-
-    $ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
-    if (!in_array($ext, ['png', 'jpeg', 'jpg'])) {
-        die("Invalid file type");
-    }
-
-    $imageName = uniqid() . '.' . $ext;
-    move_uploaded_file($_FILES['image']['tmp_name'], "uploads/$imageName");
 }
-
-$stmt = $pdo->prepare("INSERT INTO posts (message, image, ip) VALUES (?, ?, ?)");
-$stmt->execute([$_POST['message'], $imageName, $ip]);
-
-header("Location: index.php");
+?>
+
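Review bot: The success branch sets `$_SESSION['admin'] = true` on whatever session id the client arrived with, so a session id established before login remains the authenticated one afterwards; call `session_regenerate_id(true);` immediately before that assignment so the privileged session gets a fresh id. `$_POST['password']` is read unguarded inside the `password_verify` call, so a post without that field raises an undefined-index warning and hands null to `password_verify`; read it as `$_POST['password'] ?? ''` instead. The rate-limit block this hunk removes was the only throttle in the file and nothing in the new code applies one to the login attempt, so failed attempts are unthrottled and also produce no explicit response: a wrong password simply falls out of `if ($_POST)` and continues past `?>`, which is outside the hunk, so whether the page reports the failure cannot be judged from here.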