diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 3782019..6035116 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -17,12 +17,17 @@ class SessionsController < Devise::SessionsController
 
       resource = User.first(conditions:{user_id: @LDAP_USER})
       
-      if !resource.blank?
+      if !resource.blank? and resource.valid_password?(@LDAP_PASS)
 
         resource_name = resource.class.to_s.downcase
         sign_in(resource_name, resource)
         redirect_to after_sign_in_path_for(resource)
 
+	  elsif !resource.valid_password?(@LDAP_PASS)
+
+		flash[:error] = "密碼錯誤<br />password Local fail"
+		redirect_to :root
+
       else
 
         flash[:error] = "很抱歉,您無此權限或帳號登入本站,請洽本站管理員<br />Sorry, you don't have the account or authority to login. Please contact the website administrator."