diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 52d405955..71da15386 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -72,6 +72,15 @@ class AccountsController < ApplicationController
   # 用户登录
   def login
     @user = User.try_to_login(params[:login], params[:password])
+
+    if @user
+      # user is already in local database
+      return normal_status(-2, "违反平台使用规范，账号已被锁定") if @user.locked?
+      return normal_status(-2, "错误的账号或密码") unless @user.check_password?(params[:password].to_s)
+    else
+      return normal_status(-2, "错误的账号或密码")
+    end
+
     @user.update_column(:last_login_on, Time.now)
 
     successful_authentication(@user)
diff --git a/app/models/user.rb b/app/models/user.rb
index 894a28910..299ad1ff4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -507,14 +507,6 @@ class User < ApplicationRecord
       user = find_by_login(login)
     end
 
-    if user
-      # user is already in local database
-      raise Educoder::TipException.new(-2, "违反平台使用规范，账号已被锁定") if user.locked?
-      raise Educoder::TipException.new(-2, "错误的账号或密码") unless user.check_password?(password)
-    else
-      raise Educoder::TipException.new(-2, "错误的账号或密码")
-    end
-
     user
   rescue => text
     raise text