diff --git a/backend/dvadmin/system/views/user.py b/backend/dvadmin/system/views/user.py
index 66b298f..78a86ea 100644
--- a/backend/dvadmin/system/views/user.py
+++ b/backend/dvadmin/system/views/user.py
@@ -1,6 +1,6 @@
 import hashlib
 
-from django.contrib.auth.hashers import make_password
+from django.contrib.auth.hashers import make_password, check_password
 from django_restql.fields import DynamicSerializerMethodField
 from rest_framework import serializers
 from rest_framework.decorators import action, permission_classes
@@ -347,10 +347,10 @@ class UserViewSet(CustomModelViewSet):
             return ErrorResponse(msg="参数不能为空")
         if new_pwd != new_pwd2:
             return ErrorResponse(msg="两次密码不匹配")
-        check_password = request.user.check_password(old_pwd)
-        if not check_password:
-            check_password = request.user.check_password(hashlib.md5(old_pwd.encode(encoding='UTF-8')).hexdigest())
-        if check_password:
+        verify_password = check_password(old_pwd, self.request.user.password)
+        if not verify_password:
+            verify_password = check_password(hashlib.md5(old_pwd.encode(encoding='UTF-8')).hexdigest(), self.request.user.password)
+        if verify_password:
             request.user.password = make_password(new_pwd)
             request.user.save()
             return DetailResponse(data=None, msg="修改成功")
diff --git a/backend/dvadmin/utils/backends.py b/backend/dvadmin/utils/backends.py
index 92ed5ec..4b28024 100644
--- a/backend/dvadmin/utils/backends.py
+++ b/backend/dvadmin/utils/backends.py
@@ -3,8 +3,11 @@ import logging
 
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.hashers import check_password
 from django.utils import timezone
 
+from dvadmin.utils.validator import CustomValidationError
+
 logger = logging.getLogger(__name__)
 UserModel = get_user_model()
 
@@ -24,10 +27,13 @@ class CustomBackend(ModelBackend):
         except UserModel.DoesNotExist:
             UserModel().set_password(password)
         else:
-            check_password = user.check_password(password)
-            if not check_password:
-                check_password = user.check_password(hashlib.md5(password.encode(encoding='UTF-8')).hexdigest())
-            if check_password and self.user_can_authenticate(user):
-                user.last_login = timezone.now()
-                user.save()
-                return user
+            verify_password = check_password(password, user.password)
+            if not verify_password:
+                password = hashlib.md5(password.encode(encoding='UTF-8')).hexdigest()
+                verify_password = check_password(password, user.password)
+            if verify_password:
+                if self.user_can_authenticate(user):
+                    user.last_login = timezone.now()
+                    user.save()
+                    return user
+                raise CustomValidationError("当前用户已被禁用，请联系管理员!")