diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index 7a84cf142f1b0695672ada6932d94e0bc46f33bb..72053d3e57fc0c5276eb5d27e9a82f3716417ab0 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -303,3 +303,7 @@ BROKER_URL = 'redis://%(password)s%(host)s:%(port)s/3' % {
 }
 
 CELERY_RESULT_BACKEND = BROKER_URL
+
+# Captcha settings, more see https://django-simple-captcha.readthedocs.io/en/latest/advanced.html
+CAPTCHA_IMAGE_SIZE = (75, 33)
+CAPTCHA_FOREGROUND_COLOR = '#001100'
diff --git a/apps/jumpserver/urls.py b/apps/jumpserver/urls.py
index 138ea6d5aec64850c39763e954d0433b166e4324..0c1b834031ad904c0d89d8a3869444d2676591cd 100644
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@@ -20,22 +20,14 @@ from django.views.generic.base import TemplateView
 from django.http import HttpResponseRedirect
 
 
-# def view(request, **kwargs):
-#     if kwargs:
-#         print kwargs
-#     return HttpResponseRedirect('/' + kwargs["module"] + '/' + kwargs["version"] + '/' + kwargs["api"])
-
-
 urlpatterns = [
+    url(r'^captcha/', include('captcha.urls')),
     url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'),
     url(r'^(api/)?users/', include('users.urls')),
     url(r'^assets/', include('assets.urls')),
     url(r'^terminal/', include('webterminal.urls')),
 ]
 
-#urlpatterns += [
-#    url(r'^api/users/', include('users.api_urls')),
-#]
 
 if settings.DEBUG:
     urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
diff --git a/apps/templates/captcha/field.html b/apps/templates/captcha/field.html
new file mode 100644
index 0000000000000000000000000000000000000000..6979e870ceec65d1b73a8cf8af44b91b2ea3efce
--- /dev/null
+++ b/apps/templates/captcha/field.html
@@ -0,0 +1,12 @@
+{{image}}{{hidden_field}}{{text_field}}
+
+<script>
+    function refresh_captcha() {
+        $.getJSON("{% url "captcha-refresh" %}",
+                function (result) {
+                    $('.captcha').attr('src', result['image_url']);
+                    $('#id_captcha_0').val(result['key'])
+                })
+    }
+    $('.captcha').click(refresh_captcha)
+</script>
\ No newline at end of file
diff --git a/apps/templates/captcha/hidden_field.html b/apps/templates/captcha/hidden_field.html
new file mode 100644
index 0000000000000000000000000000000000000000..36d7490a3023583c723c0c5e8914a697fbdabfeb
--- /dev/null
+++ b/apps/templates/captcha/hidden_field.html
@@ -0,0 +1 @@
+<input id="{{id}}_0" name="{{name}}_0" type="hidden" value="{{key}}" />
diff --git a/apps/templates/captcha/image.html b/apps/templates/captcha/image.html
new file mode 100644
index 0000000000000000000000000000000000000000..b4a41553635abc5c23d46f84639f04b06250a551
--- /dev/null
+++ b/apps/templates/captcha/image.html
@@ -0,0 +1,4 @@
+{% load i18n %}
+{% spaceless %}
+    {% if audio %}<a title="{% trans "Play CAPTCHA as audio file" %}" href="{{audio}}">{% endif %}<img src="{{image}}" alt="captcha" class="captcha" />{% if audio %}</a>{% endif %}
+{% endspaceless %}
\ No newline at end of file
diff --git a/apps/templates/captcha/text_field.html b/apps/templates/captcha/text_field.html
new file mode 100644
index 0000000000000000000000000000000000000000..abf2a6fd437b7e6aaee0ec07039ef1ac88e67803
--- /dev/null
+++ b/apps/templates/captcha/text_field.html
@@ -0,0 +1,7 @@
+<div class="row">
+    <div class="col-sm-6">
+        <input autocomplete="off" id="{{id}}_1" class="form-control" name="{{name}}_1" type="text" />
+        <span class="red-fonts" id="captcha-error" style="display: none">验证码错误</span>
+    </div>
+</div>
+</br>
diff --git a/apps/users/forms.py b/apps/users/forms.py
index 719a6f0a5a48a57501cf8c65c3d0676300b0028c..bd1c36f975f1eb29dbd05ffd6a61ef6f95ea2c10 100644
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -10,7 +10,7 @@ from .models import User, UserGroup
 class UserLoginForm(forms.Form):
     username = forms.CharField(label='用户名', max_length=100)
     password = forms.CharField(label='密码', widget=forms.PasswordInput, max_length=100)
-    # captcha = CaptchaField()
+    captcha = CaptchaField()
 
 
 class UserAddForm(ModelForm):
diff --git a/apps/users/templates/users/forget_password.html b/apps/users/templates/users/forget_password.html
index be8c3012f85d44aa3d7d73140564a44f21a4fc08..5c76841df86383fd4ca8047bd464caa52b42be3f 100644
--- a/apps/users/templates/users/forget_password.html
+++ b/apps/users/templates/users/forget_password.html
@@ -6,8 +6,8 @@
 
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-    <title>INSPINIA | Forgot password</title>
+    <link rel="shortcut icon" href="{% static "img/facio.ico" %}" type="image/x-icon">
+    <title>忘记密码</title>
 
     {% include '_head_css_js.html' %}
     <link href="{% static "css/jumpserver.css" %}" rel="stylesheet">
diff --git a/apps/users/templates/users/login.html b/apps/users/templates/users/login.html
index 633a53bcb437db7315d38e62c76ac8eebad2c4de..dacbb819e3eeff9927bf3d8da947af581af6f7be 100644
--- a/apps/users/templates/users/login.html
+++ b/apps/users/templates/users/login.html
@@ -10,6 +10,14 @@
     {% include '_head_css_js.html' %}
     <link href="{% static "css/jumpserver.css" %}" rel="stylesheet">
     <script src="{% static "js/jumpserver.js" %}"></script>
+    <style>
+        .captcha {
+            float: right;
+        }
+        #id_captcha_1 {
+
+        }
+    </style>
 </head>
 
 <body class="gray-bg">
@@ -43,7 +51,9 @@
                     <form class="m-t" role="form" method="post" action="{% url 'users:login' %}">
                         {% csrf_token %}
                         {% if form.errors %}
-                            <p class="red-fonts">{{ form.errors }}</p>
+                            {% if 'captcha' in form.errors %}
+                                <p class="red-fonts">验证码错误</p>
+                            {% endif %}
                         {% endif %}
                         {% if errors %}
                             <p class="red-fonts">{{ errors }}</p>
@@ -54,6 +64,9 @@
                         <div class="form-group">
                             <input type="password" class="form-control" name="{{ form.password.html_name }}" placeholder="Password" required="">
                         </div>
+                        <div>
+                            {{ form.captcha }}
+                        </div>
                         <button type="submit" class="btn btn-primary block full-width m-b">Login</button>
 
                         <a href="{% url 'users:forget-password' %}">
@@ -78,7 +91,6 @@
             </div>
         </div>
     </div>
-
 </body>
 
 </html>
diff --git a/apps/users/urls.py b/apps/users/urls.py
index bed747e65ffaafbb2155c972a8e7b9fef066c1f2..129debc7588b97d7be0c0536e04735f4f6ae584a 100644
--- a/apps/users/urls.py
+++ b/apps/users/urls.py
@@ -10,7 +10,6 @@ app_name = 'users'
 urlpatterns = [
     url(r'^login$', views.UserLoginView.as_view(), name='login'),
     url(r'^logout$', views.UserLogoutView.as_view(), name='logout'),
-    url(r'^captcha/', include('captcha.urls')),
     url(r'^password/forget$', views.UserForgetPasswordView.as_view(), name='forget-password'),
     url(r'^password/forget/sendmail-success$',
         views.UserForgetPasswordSendmailSuccessView.as_view(), name='forget-password-sendmail-success'),
diff --git a/apps/users/views.py b/apps/users/views.py
index 63de67b6d015839a4b4316dbc7d5d516acf52d9f..45cabb7b4b209929237f1bf773d3ab797c00c37c 100644
--- a/apps/users/views.py
+++ b/apps/users/views.py
@@ -42,6 +42,9 @@ class UserLoginView(FormView):
 
     def post(self, request, *args, **kwargs):
         form = self.get_form()
+        if not form.is_valid():
+            return self.form_invalid(form)
+
         username = form['username'].value()
         password = form['password'].value()