diff --git a/servers/boe-server-all/src/main/java/com/xboe/system/api/SysLoginApi.java b/servers/boe-server-all/src/main/java/com/xboe/system/api/SysLoginApi.java
index 40b1d0b5..31f7c208 100644
--- a/servers/boe-server-all/src/main/java/com/xboe/system/api/SysLoginApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/system/api/SysLoginApi.java
@@ -99,6 +99,14 @@ public class SysLoginApi extends ApiBaseController {
             if (!code.toLowerCase().equals(verCode)) {
                 return error("验证码错误");
             }
+
+            // 从redis缓存中获取5分钟内登陆错误的次数
+            String loginErrorNum = redisTemplate.opsForValue().get(CacheName.NAME_USER_LOGIN_ERROR_NUM);
+            Integer loginErrorCount = 0;
+            if(loginErrorNum != null || !loginErrorNum.equals("")){
+                loginErrorCount = Integer.parseInt(loginErrorNum);
+            }
+
             // 检查系统用户是否存在
             Account account = accountService.check(loginName,null);
             String passStr = "";
@@ -106,8 +114,17 @@ public class SysLoginApi extends ApiBaseController {
                 passStr = MD5Util.MD5Encode(password + account.getPassKey());
             }
 
+
             if (account == null || StringUtil.isBlank(passStr) || !passStr.equals(account.getPassValue())) {
-                return error("用户名或密码错误");
+                if(loginErrorCount >=5){
+                    redisTemplate.opsForValue().set(CacheName.NAME_USER_LOGIN_ERROR_NUM, "5", 5, TimeUnit.MINUTES);
+                    return error("由于您登录失败次数过多，账号已被锁定！");
+                }else{
+                    loginErrorCount = loginErrorCount + 1;
+                    redisTemplate.opsForValue().set(CacheName.NAME_USER_LOGIN_ERROR_NUM, loginErrorCount+"", 5, TimeUnit.MINUTES);
+                    return error("用户名或密码错误，您还有"+(5-loginErrorCount)+"次登录机会");
+                }
+//                return error("用户名或密码错误");
             }
 
             if (account.getStatus().equals(Constants.ACCOUNT_STATUS_DEACTIVATE)) {