diff --git a/backend/src/handlers.rs b/backend/src/handlers.rs
index fd02df7..f6c7914 100644
--- a/backend/src/handlers.rs
+++ b/backend/src/handlers.rs
@@ -108,61 +108,73 @@ pub async fn admin_login(
     db: web::Data<Arc<Mutex<Connection>>>,
     credentials: web::Json<LoginCredentials>,
 ) -> impl Responder {
-    let conn = db.lock().unwrap();
+    let conn = match db.lock() {
+        Ok(conn) => conn,
+        Err(_) => return HttpResponse::InternalServerError().body("Database lock error"),
+    };
 
     let mut stmt =
         match conn.prepare("SELECT username, password_hash FROM admin_users WHERE username = ?1") {
             Ok(stmt) => stmt,
-            Err(e) => return HttpResponse::InternalServerError().body(format!("Error: {}", e)),
+            Err(e) => {
+                return HttpResponse::InternalServerError().body(format!("Database error: {}", e))
+            }
         };
 
-    let admin: Option<AdminUser> = stmt
-        .query_row([&credentials.username], |row| {
-            Ok(AdminUser {
-                username: row.get(0)?,
-                password_hash: row.get(1)?,
-            })
+    let admin: Option<AdminUser> = match stmt.query_row([&credentials.username], |row| {
+        Ok(AdminUser {
+            username: row.get(0)?,
+            password_hash: row.get(1)?,
         })
-        .ok();
+    }) {
+        Ok(admin) => Some(admin),
+        Err(rusqlite::Error::QueryReturnedNoRows) => None, // No user found
+        Err(e) => return HttpResponse::InternalServerError().body(format!("Query error: {}", e)),
+    };
 
     match admin {
         Some(user) => {
-            let parsed_hash = PasswordHash::new(&user.password_hash).unwrap();
-            let argon2 = Argon2::default();
+            let parsed_hash = match PasswordHash::new(&user.password_hash) {
+                Ok(hash) => hash,
+                Err(_) => {
+                    return HttpResponse::InternalServerError()
+                        .body("Invalid password hash format in database")
+                }
+            };
 
+            let argon2 = Argon2::default();
             let is_valid = argon2
                 .verify_password(credentials.password.as_bytes(), &parsed_hash)
                 .is_ok();
 
             if is_valid {
-                let expiration = SystemTime::now()
-                    .duration_since(UNIX_EPOCH)
-                    .unwrap()
-                    .as_secs() as usize
-                    + 24 * 3600;
+                let expiration = match SystemTime::now().duration_since(UNIX_EPOCH) {
+                    Ok(duration) => duration.as_secs() as usize + 24 * 3600,
+                    Err(_) => return HttpResponse::InternalServerError().body("System time error"),
+                };
 
                 let claims = Claims {
                     sub: user.username,
                     exp: expiration,
                 };
 
-                let token = encode(
+                let token = match encode(
                     &Header::default(),
                     &claims,
                     &EncodingKey::from_secret("your-secret-key".as_ref()),
-                )
-                .unwrap();
+                ) {
+                    Ok(token) => token,
+                    Err(_) => {
+                        return HttpResponse::InternalServerError().body("Token generation error")
+                    }
+                };
 
                 HttpResponse::Ok().json(json!({ "token": token }))
             } else {
-                HttpResponse::Unauthorized().json(json!({
-                    "error": "Invalid credentials"
-                }))
+                HttpResponse::Unauthorized().json(json!({ "error": "Invalid credentials" }))
             }
         }
-        None => HttpResponse::Unauthorized().json(json!({
-            "error": "Invalid credentials"
-        })),
+        None => HttpResponse::Unauthorized().json(json!({ "error": "Invalid credentials" })),
     }
 }