diff --git a/module/user/config.php b/module/user/config.php
index f5583d1f21..f2c9b2df56 100644
--- a/module/user/config.php
+++ b/module/user/config.php
@@ -2,3 +2,4 @@
$config->user->create->requiredFields = 'account,realname,password,password1,password2';
$config->user->edit->requiredFields = 'account,realname';
$config->user->failTimes = 5;
+$config->user->lockHours = 0.5;
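Review bot: The new `lockHours` setting carries no comment giving its unit or saying that fractional values are intended, and `0.5` next to the integer `failTimes` reads like a typo to a maintainer. A one-line comment would settle it: `// Hours an account stays locked after failTimes consecutive failures; fractions allowed (0.5 = 30 minutes).` Worth adding that the value is also interpolated verbatim into the user-facing lock message, so it should stay a plain number.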
diff --git a/module/user/control.php b/module/user/control.php
index 5c81b53130..f7fb9eb483 100644
--- a/module/user/control.php
+++ b/module/user/control.php
@@ -384,7 +384,7 @@ class user extends control
if($this->post->password) $password = $this->post->password;
if($this->get->password) $password = $this->get->password;
- if($this->user->checkLocked($account)) die(js::error($this->lang->user->loginLocked));
+ if($this->user->checkLocked($account)) die(js::error(sprintf($this->lang->user->loginLocked, $this->config->user->lockHours)));
$user = $this->user->identify($account, $password);
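Review bot: The locked-message construction `sprintf($this->lang->user->loginLocked, $this->config->user->lockHours)` on the changed line is repeated verbatim further down in the failure branch of this same method; a small private helper such as `private function lockedMessage(): string` returning that string keeps the two in step when the wording or its argument changes. The enclosing method continues outside the hunk.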
@@ -442,8 +442,17 @@ class user extends control
}
else
{
- $this->user->failPlus($account);
if($this->app->getViewType() == 'json') die(json_encode(array('status' => 'failed')));
+ $fails = $this->user->failPlus($account);
+ $remainTimes = $this->config->user->failTimes - $fails;
+ if($remainTimes <= 0)
+ {
+ die(js::error(sprintf($this->lang->user->loginLocked, $this->config->user->lockHours)));
+ }
+ else if($remainTimes <= 3)
+ {
+ die(js::error(sprintf($this->lang->user->lockWarning, $remainTimes)));
+ }
die(js::error($this->lang->user->loginFailed));
}
}
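Review bot: A request with view type `json` now receives `status => failed` without the fail counter ever being incremented, because `failPlus()` was moved below that early `die`, so the lockout this change introduces does not apply to JSON clients at all. Keep the count ahead of the branch — `$fails = $this->user->failPlus($account);` before `if($this->app->getViewType() == 'json') ...` — and consider including the remaining count in the JSON body too. Separately, the `lockWarning` text is only shown once a persisted counter exists; if `failPlus()` only finds rows for real accounts (its head is outside this diff), the response will differ between existing and unknown accounts, which the previous single `loginFailed` message did not. Style: `elseif` is the usual PHP spelling rather than `else if`.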
diff --git a/module/user/lang/en.php b/module/user/lang/en.php
index 853b83af85..79e3f0ca0b 100644
--- a/module/user/lang/en.php
+++ b/module/user/lang/en.php
@@ -46,7 +46,8 @@ $lang->user->editProfile = 'Edit profile';
$lang->user->errorDeny = "Sorry, you can't access the %s module's %s feature";
$lang->user->loginFailed = "Login failed, please check your account and password.";
-$lang->user->loginLocked = "You try the password too many times, please contact the administrator.";
+$lang->user->lockWarning = "You only have %s times to try.";
+$lang->user->loginLocked = "You try the password too many times, please contact the administrator or try again after %s hours.";
$lang->user->genderList->m = 'Male';
$lang->user->genderList->f = 'Female';
diff --git a/module/user/lang/zh-cn.php b/module/user/lang/zh-cn.php
index 63abcffb30..c7d3ce4ed1 100644
--- a/module/user/lang/zh-cn.php
+++ b/module/user/lang/zh-cn.php
@@ -46,7 +46,8 @@ $lang->user->editProfile = '修改信息';
$lang->user->errorDeny = "抱歉,您无权访问『%s』模块的『%s』功能。请联系管理员获取权限。点击后退返回上页。";
$lang->user->loginFailed = "登录失败,请检查您的用户名或密码是否填写正确。";
-$lang->user->loginLocked = "密码尝试次数太多,请联系管理员解锁";
+$lang->user->lockWarning = "您还有%s次尝试机会。";
+$lang->user->loginLocked = "密码尝试次数太多,请联系管理员解锁,或%s小时后重试。";
$lang->user->genderList->m = '男';
$lang->user->genderList->f = '女';
diff --git a/module/user/model.php b/module/user/model.php
index b62eb7b4eb..56aaae4601 100644
--- a/module/user/model.php
+++ b/module/user/model.php
@@ -470,14 +470,16 @@ class userModel extends model
$fails ++;
if($fails < $this->config->user->failTimes)
{
- $locked = '0000-00-00';
+ $locked = '0000-00-00 00:00:00';
+ $failTimes = $fails;
}
else
{
- $locked = date('Y-m-d', strtotime('today'));
- $fails = 0;
+ $locked = date('Y-m-d H:i:s', mktime() + $this->config->user->lockHours * 60 * 60);
+ $failTimes = 0;
}
- $this->dao->update(TABLE_USER)->set('fails')->eq($fails)->set('locked')->eq($locked)->where('account')->eq($account)->exec(false);
+ $this->dao->update(TABLE_USER)->set('fails')->eq($failTimes)->set('locked')->eq($locked)->where('account')->eq($account)->exec(false);
+ return $fails;
}
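Review bot: `mktime()` without arguments has been deprecated since PHP 5.1 and is just `time()`; the new expiry line also hands a float to `date()` since `lockHours * 60 * 60` is a float, which on PHP 8.1+ emits an implicit float-to-int deprecation whenever the product is not integral. Write it as `$locked = date('Y-m-d H:i:s', time() + (int) round($this->config->user->lockHours * 3600));`. The stored value changes from a date to a datetime string but no schema change is in this diff — confirm the `locked` column is DATETIME, otherwise the time part is most likely truncated and the lock still expires at midnight. The function's head is outside the hunk; since it now returns the incremented `$fails` while persisting `$failTimes`, a one-line comment that the two diverge once the limit is reached would help the caller.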
/**
@@ -490,7 +492,7 @@ class userModel extends model
public function checkLocked($account)
{
$user = $this->dao->select('locked')->from(TABLE_USER)->where('account')->eq($account)->fetch();
- if((strtotime($user->locked) - strtotime(date('Y-m-d'))) < 0) return false;
+ if((strtotime($user->locked) - strtotime(date('Y-m-d H:i:s'))) < 0) return false;
return true;
}
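Review bot: `strtotime(date('Y-m-d H:i:s'))` on the changed line is a round-trip for `time()`, and the test still depends on `strtotime()` of the `'0000-00-00 00:00:00'` sentinel yielding something far in the past (it returns `false` on 32-bit builds, which only works by accident). Checking the sentinel explicitly is clearer: `if(empty($user) || $user->locked == '0000-00-00 00:00:00') return false;` followed by `return strtotime($user->locked) >= time();`. The `empty($user)` guard also covers a `fetch()` that finds no row, where `$user->locked` would otherwise read a property on `false`.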
@@ -503,6 +505,6 @@ class userModel extends model
*/
public function cleanLocked($account)
{
- $this->dao->update(TABLE_USER)->set('fails')->eq(0)->set('locked')->eq('0000-00-00')->where('account')->eq($account)->exec(false);
+ $this->dao->update(TABLE_USER)->set('fails')->eq(0)->set('locked')->eq('0000-00-00 00:00:00')->where('account')->eq($account)->exec(false);
}
}
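Review bot: The sentinel `'0000-00-00 00:00:00'` is now written here and in `failPlus()`, and relied on implicitly in `checkLocked()`; a single class constant such as `const UNLOCKED = '0000-00-00 00:00:00';` referenced from all three would keep them from drifting again, which is exactly what this diff had to correct for the old `'0000-00-00'` value.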