diff --git a/app/rts.go b/app/rts.go
index 045b8e2..042598c 100644
--- a/app/rts.go
+++ b/app/rts.go
@@ -68,7 +68,19 @@ func CreateUser(w *ResponseWriter, r *Request) {
 		return
 	}
 
-	if err := DB.Create(&user).Error; err != nil {
+	hash, err := HashPassword(user.Password)
+	if err != nil {
+		LogError(err)
+		w.Error(NewError(1, "加密密码失败"))
+		return
+	}
+
+	u := User{
+		Name:        user.Name,
+		PhoneNumber: user.PhoneNumber,
+		Password:    hash,
+	}
+	if err := DB.Create(&u).Error; err != nil {
 		w.Error(err)
 	} else {
 		w.Ok(user, "创建用户成功")
@@ -98,7 +110,7 @@ func UpdateUser(w *ResponseWriter, r *Request) {
 	}
 
 	// 用户信息未发生变化
-	if u.Name == user.Name && u.PhoneNumber == u.PhoneNumber && u.Password == user.Password {
+	if user.Name == u.Name && user.PhoneNumber == u.PhoneNumber && CheckPasswordHash(user.Password, u.Password) {
 		w.Ok(nil, "操作成功")
 		return
 	}
@@ -218,7 +230,7 @@ func Login(w *ResponseWriter, r *Request) {
 	} else if err != nil {
 		w.Error(err)
 	} else {
-		if password != user.Password {
+		if !CheckPasswordHash(password, user.Password) {
 			w.Error(NewError(1, "手机号码或密码错误"))
 			return
 		}