diff --git a/src/routes/login/+page.server.ts b/src/routes/login/+page.server.ts
index fa7e449..bd2e0be 100644
--- a/src/routes/login/+page.server.ts
+++ b/src/routes/login/+page.server.ts
@@ -1,8 +1,10 @@
 import { dev } from '$app/environment';
+import { PARSE_ERROR } from '$lib/server/commonResponses';
 import { users } from '$lib/server/db';
 import { createSession } from '$lib/server/sessions';
 import { fail, redirect } from '@sveltejs/kit';
 import bcrypt from 'bcryptjs';
+import { z } from 'zod';
 import type { Actions } from './$types';
 
 export const actions = {
@@ -11,21 +13,23 @@ export const actions = {
 redirect(302, '/dash');
 }
 
- const data = await request.formData();
- const username = data.get('username')?.toString();
- const password = data.get('password')?.toString();
+ const schema = z.object({
+ username: z.string({ message: 'Username is required.' }).trim(),
+ password: z.string({ message: 'Password is required.' }),
+ });
 
- if (!username || !password) {
- return fail(400, {
- error: 'MISSING_CREDENTIALS',
- });
+ const data = await request.formData();
+ const parsed = schema.safeParse(Object.fromEntries(data.entries()));
+
+ if (!parsed.success) {
+ return PARSE_ERROR(parsed.error);
 }
 
- const user = await users.getByName(username);
+ const user = await users.getByName(parsed.data.username);
 
- if (!user || !bcrypt.compareSync(password, user.password)) {
+ if (!user || !bcrypt.compareSync(parsed.data.password, user.password)) {
 return fail(403, {
- error: 'INVALID_CREDENTIALS',
+ error: 'Could not sign in. Please verify your username/password are correct.',
 });
 }
 
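Review bot: The new schema accepts empty credentials, because `z.string()` passes `''` and `.trim()` turns a whitespace-only username into `''`; the removed `!username || !password` check rejected those with a 400, and now they reach `users.getByName` and `bcrypt.compareSync`. Adding `.min(1)` after `.trim()` on `username`, and `.min(1).max(N)` on `password` with N taken from the password policy, restores the early rejection and bounds the input handed to the synchronous hash comparison. Separately, on the credential check the `!user ||` short-circuit skips bcrypt for unknown usernames, so response time can still distinguish existing accounts even though the message is now generic; comparing against a fixed dummy hash when `user` is missing would even that out. The action's body starts and ends outside this hunk, so session creation and any rate limiting are not visible here.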