diff --git a/FrmLogin.cs b/FrmLogin.cs
index 5251170..5e11149 100644
--- a/FrmLogin.cs
+++ b/FrmLogin.cs
@@ -17,12 +17,91 @@ //登录界面 -- 配置文件的路径 public static string filename = Application.StartupPath + "\\login.xml"; - + public string Message = ""; + public double lockedTime = 15; public FrmLogin() { InitializeComponent(); } + struct lockStruct + { + public int wrongCount; + public DateTime wrongDate; + } + + private lockStruct getWCountAndWDateByUser() + { + // 根据用户名获取wrongPassWord和wrongDate + string sql = "select * from casic_userinfotest where USERNAME=:username and sysname='GHFX'"; + OracleParameter usernameParam = new OracleParameter(":username", txtUser.Text.Trim()); + DataTable dt = OledbHelper.ExecuteDataTable(sql, usernameParam); + lockStruct ls; + if (dt == null || dt.Rows.Count <= 0) + { + ls.wrongCount = -1; + ls.wrongDate = DateTime.Parse("01/01/1970 00:00:0"); ; + return ls; + } + else { + ls.wrongCount = int.Parse(dt.Rows[0]["WRONGCOUNT"].ToString()); + if (dt.Rows[0]["wrongDate"].ToString() == "") + { + ls.wrongDate = DateTime.Parse("01/01/1970 00:00:0"); ; + } + else + { + ls.wrongDate = DateTime.Parse(dt.Rows[0]["WRONGDATE"].ToString()); + } + return ls; + } + + } + + private double SubTime(DateTime date) + { + DateTime current = new DateTime(); + current = DateTime.Now; + TimeSpan timeSpan = current.Subtract(date).Duration(); + double subTime = timeSpan.TotalMinutes; + return subTime; + } + + private bool valLocked() + { + lockStruct ls = getWCountAndWDateByUser(); + double subTime = SubTime(ls.wrongDate); + if (ls.wrongCount < 5) + { + // 如果输错密码小于5次,不锁定 + return false; + } + else if (ls.wrongCount == 5 && subTime > lockedTime) + { + // 如果输错密码大于5次,但是距离上次输错时间已经超过15分钟,不锁定 + return false; + } + else + { + // 如果输错密码大于5次,但是距离上次输错时间还在15分钟内,锁定 + return true; + } + + } + + private void updateWCountAndWDateByUser(int wrongcount, DateTime dt) + { + + OracleConnection conn = OledbHelper.sqlConnection(); + conn.Open(); + OracleCommand cmd = new OracleCommand(); + cmd.Connection = conn; + cmd.CommandText = "update casic_userinfotest set WRONGCOUNT=" + wrongcount 
+ " , WRONGDATE = to_date('" + dt + "', 'yyyy-MM-dd hh24:mi:ss') where USERNAME='" + txtUser.Text.Trim() + "' and sysname = 'GHFX'"; + cmd.CommandType = CommandType.Text; + cmd.ExecuteNonQuery(); + conn.Close(); + + } /// /// 登录按钮事件处理 @@ -45,7 +124,8 @@ } else { - MessageBox.Show("用户名、密码不正确,请重新输入!", "提示"); + //MessageBox.Show("用户名、密码不正确,请重新输入!", "提示"); + MessageBox.Show(Message, "提示"); txtUser.Clear(); textBoxPassWord.Clear(); } @@ -57,6 +137,21 @@ /// private bool ValidateUser() { + // 查找是否由此用户 + DataTable dt1 = OledbHelper.ExecuteDataTable("select * from casic_userinfotest where USERNAME=:username and sysname='GHFX'", new OracleParameter(":username", txtUser.Text.Trim())); + if (dt1 == null || dt1.Rows.Count <= 0) { + Message = "无此用户名,请注册"; + return false; + } + + // 判断用户是否处于被锁定状态 + bool islocked = valLocked(); + if (islocked == true) + { + Message = "登陆错误过多,该账号已被锁定,请等待15分钟后再尝试"; + return false; + } + string passWord = SM4Utils.SM4EncryptStr(textBoxPassWord.Text.Trim()); string sql = "select * from casic_userinfotest where USERNAME=:username and PASSWORD=:password and sysname='GHFX'"; @@ -64,8 +159,21 @@ OracleParameter passwordParam = new OracleParameter(":password", passWord); DataTable dt = OledbHelper.ExecuteDataTable(sql, usernameParam, passwordParam); - - if (dt == null || dt.Rows.Count <= 0) return false; + if (dt == null || dt.Rows.Count <= 0) + { + Message = "用户名、密码不正确,请重新输入!"; + lockStruct ls = getWCountAndWDateByUser(); + if (SubTime(ls.wrongDate) > lockedTime) + { + updateWCountAndWDateByUser(1, DateTime.Now); + } + else + { + updateWCountAndWDateByUser(ls.wrongCount + 1, DateTime.Now); + } + + return false; + }; if (String.IsNullOrEmpty(dt.Rows[0]["rid"].ToString())) return true; sql = "select gid from casic_userroletest where id=" + dt.Rows[0]["rid"] + " and sysname='GHFX' "; using (OracleDataReader reader = OracleUtils.ExecuteReader(OracleUtils.ConnectionString, CommandType.Text, sql)) 
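Review bot: updateWCountAndWDateByUser builds its UPDATE by concatenating `txtUser.Text.Trim()` into the statement, so whatever is typed in the user-name box of the login form becomes SQL text, while every other query in this change binds `:username`. The same concatenation writes `dt` through its culture-dependent default string form, which may not match the `'yyyy-MM-dd hh24:mi:ss'` mask on every workstation. Binding all three values fixes both, and `using` blocks close the connection when ExecuteNonQuery throws. Separately, in valLocked the unlock test `ls.wrongCount == 5 && subTime > lockedTime` never releases an account if its counter ever goes past 5; `ls.wrongCount >= 5 && subTime > lockedTime` would.

```csharp
private void updateWCountAndWDateByUser(int wrongcount, DateTime dt)
{
    // Every value is bound; parameters are added in the order they appear in the statement.
    using (OracleConnection conn = OledbHelper.sqlConnection())
    using (OracleCommand cmd = new OracleCommand())
    {
        conn.Open();
        cmd.Connection = conn;
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = "update casic_userinfotest set WRONGCOUNT = :wrongcount, WRONGDATE = :wrongdate where USERNAME = :username and sysname = 'GHFX'";
        cmd.Parameters.Add(new OracleParameter(":wrongcount", wrongcount));
        cmd.Parameters.Add(new OracleParameter(":wrongdate", dt));
        cmd.Parameters.Add(new OracleParameter(":username", txtUser.Text.Trim()));
        cmd.ExecuteNonQuery();
    }
}
```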
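Review bot: The early return added at the top of ValidateUser sets `Message = "无此用户名,请注册";` for an unknown user name, while a wrong password and a locked account each get a different text, so the login dialog reveals which user names exist in casic_userinfotest. Using the same text as the wrong-password branch, `Message = "用户名、密码不正确,请重新输入!";`, keeps the three cases indistinguishable to the person at the form. The `dt1` lookup also repeats the query that getWCountAndWDateByUser runs immediately afterwards, which already reports a missing row as `wrongCount == -1`, so one call could serve both checks. ValidateUser starts and ends outside this hunk.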
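Review bot: The failure branch reads the counter with getWCountAndWDateByUser() and then writes `ls.wrongCount + 1` back in a second statement, so two login attempts running at the same time can store the same value and the count falls behind the real number of failures. Incrementing inside the database closes that gap, for example `update casic_userinfotest set WRONGCOUNT = WRONGCOUNT + 1, WRONGDATE = sysdate where USERNAME = :username and sysname = 'GHFX'`, with the reset-to-1 case expressed as a CASE on WRONGDATE. Taking the timestamp from `sysdate` also removes the dependence on the workstation clock that `DateTime.Now` and SubTime() introduce into the 15-minute window. The `};` closing the new `if` block leaves an empty statement behind and the semicolon can be dropped. The enclosing ValidateUser body continues outside the hunk.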
@@ -76,6 +184,8 @@ break; } } + // 成功登陆后,累计输错密码的次数清0 + updateWCountAndWDateByUser(0, DateTime.Now); return true; }
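Review bot: The counter reset added before the final `return true;` is not reached for accounts whose `rid` is empty, because the earlier `if (String.IsNullOrEmpty(dt.Rows[0]["rid"].ToString())) return true;` leaves ValidateUser first. Those users keep their old WRONGCOUNT after a correct login, so earlier failures inside the 15-minute window still count toward the lock. Moving `updateWCountAndWDateByUser(0, DateTime.Now);` to directly after the password query returns a row would cover every successful path. The call also overwrites WRONGDATE with the time of the successful login, which is worth a short comment such as `// WRONGDATE is also rewritten here; it no longer means "last failure"`. Only the tail of ValidateUser is visible in this hunk, so other return paths may need the same check.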