async function login() {
    const userVal = document.getElementById('user').value;
    const passVal = document.getElementById('pass').value;
    const key = "Henan_ZZ_2026"; 

    try {
        const res = await fetch('./users.json');
        const list = await res.json();
        const item = list.find(u => u.uid === userVal);

        if (item) {
            // 🔒 显式指定解密逻辑
            const bytes = CryptoJS.AES.decrypt(item.payload, key);
            const decryptedDataStr = bytes.toString(CryptoJS.enc.Utf8);

            // ⚠️ 检查点：如果解密出来是空字符串，说明密钥或数据不对
            if (!decryptedDataStr) {
                console.error("解密结果为空，请检查密钥！");
                showError();
                return;
            }

            const userData = JSON.parse(decryptedDataStr);

            if (userData.password === passVal) {
                // 登录成功，Base64二次混淆存入Session
                sessionStorage.setItem('currentUser', btoa(encodeURIComponent(JSON.stringify(userData))));
                window.location.href = 'badge.html';
                return;
            }
        }
        showError();
    } catch (e) { 
        console.error("错误详情:", e);
        showError(); 
    }
}