diff --git a/server/like-front/src/main/java/com/mdd/front/controller/UserController.java b/server/like-front/src/main/java/com/mdd/front/controller/UserController.java
index 4a5bd481..e881890c 100644
--- a/server/like-front/src/main/java/com/mdd/front/controller/UserController.java
+++ b/server/like-front/src/main/java/com/mdd/front/controller/UserController.java
@@ -73,12 +73,13 @@ public class UserController {
      */
     @PostMapping("/changePwd")
     public Object changePwd(@RequestBody Map<String, String> params) {
+        Assert.notNull(params.get("oldPassword"), "oldPassword参数缺失");
         Assert.notNull(params.get("password"), "password参数缺失");
         if(!Pattern.matches("^(?![0-9]+$)(?![a-zA-Z]+$)[0-9A-Za-z]{6,20}$", params.get("password"))){
             throw new OperateException("密码必须是6-20字母+数字组合!");
         }
         Integer userId = LikeFrontThreadLocal.getUserId();
-        iUserService.changePwd(params.get("password"), userId);
+        iUserService.changePwd(params.get("password"), params.get("oldPassword"), userId);
         return AjaxResult.success();
     }
 
diff --git a/server/like-front/src/main/java/com/mdd/front/service/IUserService.java b/server/like-front/src/main/java/com/mdd/front/service/IUserService.java
index bb7f987c..e29fe41f 100644
--- a/server/like-front/src/main/java/com/mdd/front/service/IUserService.java
+++ b/server/like-front/src/main/java/com/mdd/front/service/IUserService.java
@@ -42,9 +42,10 @@ public interface IUserService {
      *
      * @author fzr
      * @param password 新密码
+     * @param oldPassword 旧密码
      * @param userId 用户ID
      */
-    void changePwd(String password, Integer userId);
+    void changePwd(String password, String oldPassword, Integer userId);
 
     /**
      * 绑定手机
diff --git a/server/like-front/src/main/java/com/mdd/front/service/impl/UserServiceImpl.java b/server/like-front/src/main/java/com/mdd/front/service/impl/UserServiceImpl.java
index f2cff5d7..c622cd88 100644
--- a/server/like-front/src/main/java/com/mdd/front/service/impl/UserServiceImpl.java
+++ b/server/like-front/src/main/java/com/mdd/front/service/impl/UserServiceImpl.java
@@ -23,6 +23,7 @@ import com.mdd.front.vo.user.UserInfoVo;
 import me.chanjar.weixin.common.error.WxErrorException;
 import org.springframework.beans.BeanUtils;
 import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
 
 import javax.annotation.Resource;
 import java.util.LinkedHashMap;
@@ -172,15 +173,28 @@ public class UserServiceImpl implements IUserService {
      * @param userId 用户ID
      */
     @Override
-    public void changePwd(String password, Integer userId) {
+    public void changePwd(String password, String oldPassword, Integer userId) {
+        User user = userMapper.selectOne(new QueryWrapper<User>()
+                .select("id,password,salt")
+                .eq("id", userId)
+                .eq("is_delete", 0)
+                .last("limit 1"));
+
+        Assert.notNull(user, "用户不存在");
+        String oldPwd = ToolsUtil.makeMd5(oldPassword.trim()+user.getSalt());
+        if (!oldPwd.equals(user.getPassword())) {
+            throw new OperateException("原密码不正确!");
+        }
+
         String salt = ToolsUtil.randomString(5);
         String pwd  = ToolsUtil.makeMd5(password.trim()+salt);
 
-        User user = new User();
-        user.setPassword(pwd);
-        user.setSalt(salt);
-        user.setUpdateTime(System.currentTimeMillis() / 1000);
-        userMapper.updateById(user);
+        User u = new User();
+        u.setId(userId);
+        u.setPassword(pwd);
+        u.setSalt(salt);
+        u.setUpdateTime(System.currentTimeMillis() / 1000);
+        userMapper.updateById(u);
     }
 
     /**