diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 2397fef..d4db64b 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -10,16 +10,23 @@ class SessionsController < Devise::SessionsController
 
     @user_id = params[:user][:user_id]
 
+    @user_password = params[:user][:password]
+
     if @user_id == 'rulingcom'
 
       resource = User.first(conditions:{user_id: @user_id})
-      
-      if !resource.blank?
+		      
+      if !resource.blank? and resource.valid_password?(@user_password)
 
         resource_name = resource.class.to_s.downcase
         sign_in(resource_name, resource)
         redirect_to after_sign_in_path_for(resource)
 
+	  elsif !resource.valid_password?(@user_password)
+
+		flash[:error] = "密碼錯誤<br />password Local fail"
+		redirect_to :root
+
       else
 
         flash[:error] = "很抱歉,您無此權限或帳號登入本站,請洽本站管理員<br />Sorry, you don't have the account or authority to login. Please contact the website administrator."