diff --git a/app/controllers/words_controller.rb b/app/controllers/words_controller.rb
index 5158a99c4..77304c1b1 100644
--- a/app/controllers/words_controller.rb
+++ b/app/controllers/words_controller.rb
@@ -202,11 +202,15 @@ class WordsController < ApplicationController
 #给用户留言
 def leave_user_message
- @user = User.find(params[:id])
- if params[:new_form][:user_message].size>0 && User.current.logged? && @user
- @user.add_jour(User.current, params[:new_form][:user_message])
+ if User.current.logged?
+ @user = User.find(params[:id])
+ if params[:new_form][:user_message].size>0 && User.current.logged? && @user
+ @user.add_jour(User.current, params[:new_form][:user_message])
+ end
+ redirect_to feedback_path(@user)
+ else
+ render_403
 end
- redirect_to feedback_path(@user)
 end
 # add by nwb
diff --git a/db/migrate/20150906090419_delete_anonymous_feedback.rb b/db/migrate/20150906090419_delete_anonymous_feedback.rb
new file mode 100644
index 000000000..a96d6b30d
--- /dev/null
+++ b/db/migrate/20150906090419_delete_anonymous_feedback.rb
@@ -0,0 +1,15 @@
+class DeleteAnonymousFeedback < ActiveRecord::Migration
+ def up
+ jour_count = JournalsForMessage.all.count / 30 + 2
+ transaction do
+ for i in 1 ... jour_count do i
+ JournalsForMessage.page(i).per(30).each do |jour|
+ jour.destroy if jour.user_id == 2
+ end
+ end
+ end
+ end
+
+ def down
+ end
+end
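Review bot: In `leave_user_message`, `params[:new_form][:user_message]` is dereferenced without checking that `new_form` was sent, so a logged-in request that omits it raises NoMethodError on nil and surfaces as a 500 instead of being rejected cleanly. Reading the value once and guarding it, e.g. `message = params[:new_form] && params[:new_form][:user_message]` followed by `@user.add_jour(User.current, message) if message.present?`, also keeps whitespace-only messages from being stored. The inner `User.current.logged? && @user` is now redundant, since the outer branch already checks the login and `User.find` raises rather than returning nil. The hunk only establishes that the caller is logged in; whether any logged-in user may post to any other user's feedback is not visible here and is worth confirming.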
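Review bot: The `up` loop in DeleteAnonymousFeedback pages through the table while destroying rows from it, so if `page(i).per(30)` is offset-based (as Kaminari-style pagination is) each deletion shifts later rows into pages already visited and some `user_id == 2` rows are skipped; the query also has no explicit order. Selecting the rows directly avoids this: `JournalsForMessage.where(:user_id => 2).find_each(&:destroy)`. The literal `2` is presumably the anonymous account's id, which holds only if every deployment seeded its users in the same order; on a database where it differs this deletes a real user's messages, so look the account up or at least add a comment such as `# user_id 2 is the built-in anonymous user`. Since the deletion cannot be undone, `down` should `raise ActiveRecord::IrreversibleMigration` instead of being empty, and the stray `i` after `do` on the `for` line can go.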