diff --git a/features/security/account.go b/features/security/account.go
index 2962ec6f..a699160d 100644
--- a/features/security/account.go
+++ b/features/security/account.go
@@ -75,12 +75,12 @@ func LoginFromOMC(w http.ResponseWriter, r *http.Request) {
 			services.ResponseBadRequest400IncorrectLogin(w)
 		}
 	*/
-	validUser, user, _ := dborm.XormCheckLoginUser(oAuthBody.UserName,
+	validUser, user, err := dborm.XormCheckLoginUser(oAuthBody.UserName,
 		oAuthBody.Value, config.GetYamlConfig().Auth.Crypt)
-	if !validUser {
+	if !validUser && err != nil {
 		// response 400-4
 		log.Error("Authentication failed, mismatch user or password")
-		services.ResponseBadRequest400IncorrectLogin(w)
+		services.ResponseErrorWithJson(w, 400, err.Error())
 		return
 	}
@@ -98,15 +98,15 @@ func LoginFromOMC(w http.ResponseWriter, r *http.Request) {
 		return
 	}
+	services.ResponseStatusOK200Login(w, token, user)
-	return
 }
 func LogoutFromOMC(w http.ResponseWriter, r *http.Request) {
 	log.Info("LogoutFromOMC processing... ")
 	// check media type(content type) only support "application/json"
-	if services.IsVallidContentType(r, config.GetYamlConfig().OMC.CheckContentType) == false {
+	if services.IsVallidContentType(r, !config.GetYamlConfig().OMC.CheckContentType) {
 		log.Error("Invalid Content-Type")
 		services.ResponseUnsupportedMediaType415(w)
 		return
@@ -122,7 +122,7 @@ func LogoutFromOMC(w http.ResponseWriter, r *http.Request) {
 	// error processing ...
 	// 401-1 response
 	token, ret := oauth.IsCarriedToken(r)
-	if ret == false {
+	if !ret {
 		log.Error("AccessToken is not carried")
 		services.ResponseUnauthorized401AccessTokenNotCarried(w)
 		return
@@ -135,7 +135,6 @@ func LogoutFromOMC(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	services.ResponseStatusOK200Null(w)
-	return
 }
 func HandshakeFromOMC(w http.ResponseWriter, r *http.Request) {
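Review bot: The new guard `if !validUser && err != nil` no longer rejects a plain wrong password: in XormCheckLoginUser (lib/dborm/dborm.go, hunks @@ -690 and @@ -698) the `has == false` branch returns `false, nil, err` with err still nil, so validUser is false, err is nil, the condition is false and LoginFromOMC continues past the guard with a nil user — the rest of the function is outside this hunk, but whatever follows now runs for an unverified login. Reject on `!validUser` alone and pick the response from err, as sketched below. `services.ResponseErrorWithJson(w, 400, err.Error())` also echoes the raw error text to the client; for the database-failure path that is a driver/ORM message rather than an account-state reason, so the known account-state errors should be mapped to fixed messages and ResponseBadRequest400IncorrectLogin kept for everything else.
```go
	validUser, user, err := dborm.XormCheckLoginUser(oAuthBody.UserName,
		oAuthBody.Value, config.GetYamlConfig().Auth.Crypt)
	if !validUser {
		// response 400-4: never continue without a verified user, whatever err holds
		log.Error("Authentication failed, mismatch user or password:", err)
		if err == nil {
			services.ResponseBadRequest400IncorrectLogin(w)
			return
		}
		// TODO(review): map the account-state errors from dborm to fixed client
		// messages so driver/ORM error text is never returned verbatim
		services.ResponseErrorWithJson(w, 400, err.Error())
		return
	}
	// … unchanged: rest of LoginFromOMC …
```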
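Review bot: `if services.IsVallidContentType(r, !config.GetYamlConfig().OMC.CheckContentType)` in LogoutFromOMC negates the argument instead of the result, so it is not equivalent to the removed `== false` form: the flag handed to the helper is inverted and the 415 branch is now taken on the opposite outcome, i.e. either every valid request is rejected or the check is effectively skipped, depending on what the second parameter means. The intended rewrite is `if !services.IsVallidContentType(r, config.GetYamlConfig().OMC.CheckContentType) {`. LogoutFromOMC's body continues outside the hunk.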
@@ -158,7 +157,7 @@ func HandshakeFromOMC(w http.ResponseWriter, r *http.Request) {
 	// error processing ...
 	// 401-1 response
 	token, ret := oauth.IsCarriedToken(r)
-	if ret == false {
+	if !ret {
 		log.Error("AccessToken is not carried")
 		services.ResponseUnauthorized401AccessTokenNotCarried(w)
 		return
@@ -171,5 +170,4 @@ func HandshakeFromOMC(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	services.ResponseStatusOK200Null(w)
-	return
 }
diff --git a/lib/dborm/dborm.go b/lib/dborm/dborm.go
index 3aef6713..f1a4a51d 100644
--- a/lib/dborm/dborm.go
+++ b/lib/dborm/dborm.go
@@ -690,7 +690,7 @@ func XormCheckLoginUser(name, password, cryptArgo string) (bool, *User, error) {
 	// has, err := xEngine.Table("user").Where("name='%s' and password=PASSWORD('%s')", name, password).Get(user)
 	switch cryptArgo {
 	case "mysql":
-		has, err := xEngine.SQL("select * from user where status='Active' and account_id=? and password=PASSWORD(?)", name, password).Exist()
+		has, err := xEngine.SQL("select * from user where account_id=? and password=PASSWORD(?)", name, password).Exist()
 		if err != nil || has == false {
 			log.Error("Failed to check user from database:", err)
@@ -698,13 +698,13 @@ func XormCheckLoginUser(name, password, cryptArgo string) (bool, *User, error) {
 		}
 	case "md5":
 		has, err := xEngine.
-			SQL("select * from user where status='Active' and account_id=? and password=MD5(?)", name, password).Exist()
+			SQL("select * from user where account_id=? and password=MD5(?)", name, password).Exist()
 		if err != nil || has == false {
 			log.Error("Failed to check user from database:", err)
 			return false, nil, err
 		}
 	case "bcrypt":
-		has, err := xEngine.Table("user").Where("status='Active' and account_id=?", name).Get(user)
+		has, err := xEngine.Table("user").Where("account_id=?", name).Get(user)
 		if err != nil || has == false {
 			log.Error("Failed to get user from database:", err)
 			return false, nil, err
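Review bot: Dropping `status='Active'` from the mysql lookup (and from the md5 and bcrypt lookups in hunk @@ -698) lets Closed, Locked and Pending accounts pass the password check, leaving the status switch added later in this file (hunk @@ -720) as the only gate, and that switch only works if `user` is populated — the mysql and md5 branches call `.Exist()`, which does not load the row, so unless code outside these hunks (lines 705–719) fills `user`, `user.Status`, `user.PasswordExpiration` and `user.UserExpiration` are read from an unpopulated struct and the new checks are no-ops for those crypt modes; confirm against the unshown lines. A short comment above the switch stating where `user` is loaded for each branch would make the dependency visible, e.g. `// user must be fully loaded before this point for every cryptArgo branch`. XormCheckLoginUser's body starts before and ends after these hunks.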
@@ -720,6 +720,53 @@ func XormCheckLoginUser(name, password, cryptArgo string) (bool, *User, error) {
 		return false, nil, err
 	}
+	// enum('Active','Closed','Locked','Pending')
+	errMsg := ""
+	switch user.Status {
+	case "Closed":
+		errMsg = "账户已禁用"
+	case "Locked":
+		errMsg = "账户已锁定"
+	case "Pending":
+		errMsg = "账户过期"
+	}
+	if errMsg != "" {
+		log.Error("user Status:%s", errMsg)
+		return false, nil, errors.New(errMsg)
+	}
+
+	// 密码到期时间
+	if user.PasswordExpiration != "" {
+		arr := strings.Split(user.PasswordExpiration, " ")
+		if len(arr) > 0 {
+			t, err := time.Parse("2006-01-02", arr[0])
+			if err != nil {
+				return false, nil, err
+			}
+			if t.Before(time.Now()) {
+				errMsg := "密码到期时间"
+				log.Error("PasswordExpiration:%s", errMsg)
+				return false, nil, errors.New(errMsg)
+			}
+		}
+	}
+
+	// 用户到期时间
+	if user.UserExpiration != "" {
+		arr := strings.Split(user.UserExpiration, " ")
+		if len(arr) > 0 {
+			t, err := time.Parse("2006-01-02", arr[0])
+			if err != nil {
+				return false, nil, err
+			}
+			if t.Before(time.Now()) {
+				errMsg := "用户到期时间"
+				log.Error("UserExpiration:%s", errMsg)
+				return false, nil, errors.New(errMsg)
+			}
+		}
+	}
+
 	return true, user, nil
 }
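Review bot: The status switch is a deny-list — only Closed, Locked and Pending are refused — so now that the `status='Active'` filter is gone from the queries (hunks @@ -690 and @@ -698) an empty or unlisted status value authenticates; turn it into an allow-list by adding `default: errMsg = "<fixed message for unknown status>"` (placeholder) and a `case "Active":` that falls through, or simply `if user.Status != "Active" { … }` before the message mapping. The two expiration blocks are duplicates that hand the raw `time.Parse` error back to the caller — which LoginFromOMC in this commit echoes to the client — and `len(arr) > 0` is always true after `strings.Split`; a helper that fails closed on a malformed date and logs the parse error instead of returning it is sketched below. `time.Parse` yields midnight UTC while `time.Now()` is in the server's zone, so the cut-over hour depends on the host timezone; presumably fine at day granularity but worth a comment. If `log.Error` is print-style like the existing `log.Error("Failed to check user from database:", err)`, the `%s` in the three new calls is emitted literally.
```go
// expiredOn reports whether the "YYYY-MM-DD[ ...]" date in s is before now.
// A value that does not parse is treated as expired (fail closed); the parse
// error is returned only so the caller can log it, never sent to a client.
func expiredOn(s string, now time.Time) (bool, error) {
	day := strings.SplitN(s, " ", 2)[0]
	t, err := time.Parse("2006-01-02", day)
	if err != nil {
		return true, err
	}
	return t.Before(now), nil
}

	// … unchanged: account status mapping …
	now := time.Now()
	if user.PasswordExpiration != "" {
		if exp, err := expiredOn(user.PasswordExpiration, now); exp {
			log.Error("PasswordExpiration:", user.PasswordExpiration, err)
			return false, nil, errors.New("密码到期时间")
		}
	}
	if user.UserExpiration != "" {
		if exp, err := expiredOn(user.UserExpiration, now); exp {
			log.Error("UserExpiration:", user.UserExpiration, err)
			return false, nil, errors.New("用户到期时间")
		}
	}
```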