diff --git a/app/common.php b/app/common.php index ab79352..0a2e95f 100644 --- a/app/common.php +++ b/app/common.php @@ -92,6 +92,11 @@ function get_image_url($imageUrl):string } } +/** + * 返回跳转链接地址 + * @param $jump_url + * @return string + */ function get_jump_url($jump_url):string { $domain = \think\facade\Request::instance()->domain(); @@ -119,8 +124,19 @@ function give_symbol(&$value,$symbol = '+') * @param $phoneNumber * @return string */ -function format_phone_number($phoneNumber) { +function format_phone_number($phoneNumber) +{ $prefix = substr($phoneNumber, 0, 3); $suffix = substr($phoneNumber, -4); return $prefix . '****' . $suffix; +} + +/** + * 获取自定义随机头像 + */ +function rand_avatar() +{ + $avatarArr = config('custom.avatar') ?: []; + $rand = rand(0,count($avatarArr)); + return $avatarArr[$rand] ?: ''; } \ No newline at end of file diff --git a/app/controller/Passport.php b/app/controller/Passport.php index ff3a7d5..ec6b35f 100644 --- a/app/controller/Passport.php +++ b/app/controller/Passport.php @@ -4,6 +4,7 @@ namespace app\controller; use app\BaseController; use app\common\lib\sms\AliSms\AliSms; +use app\model\AdminUser; use app\model\Pincode; use app\model\User as UserModel; use app\validate\User as UserValidate; @@ -32,11 +33,10 @@ class Passport extends BaseController $userModel = new UserModel(); $smsCode = $data['sms_code']; $phone = $data['phone']; + $invite_code = $data['invite_code'] ?? ''; - if (!isset($data['invite_code'])) $data['invite_code'] = ''; - $invite_code = $data['invite_code']; - - if (!empty($invite_code) && !$userModel->verifyInviteCode($invite_code)) { + $data['aid'] = $userModel->verifyInviteCode($invite_code); + if (!empty($invite_code) && !$data['aid']) { return $this->renderError('邀请码无效'); } 
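Review bot: `rand(0,count($avatarArr))` in the new `rand_avatar()` can return an index one past the end of the list, because `rand()` includes its upper bound; with an empty `custom.avatar` config it always indexes a missing element. The `$avatarArr[$rand] ?: ''` fallback still reads the missing offset first, so PHP raises an undefined-key warning, which may surface as an error during registration depending on how the framework handles warnings. Picking the key with `array_rand` after an emptiness check covers both cases: `return $avatarArr ? $avatarArr[array_rand($avatarArr)] : '';`. A `: string` return type would also match the neighbouring helpers.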
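Review bot: `$data['aid'] = $userModel->verifyInviteCode($invite_code);` now runs the lookup even when no invite code was submitted, so the query becomes `where('invite_code','')`. If any agent row has an empty `invite_code`, every code-less registration would be attributed to that agent. Skipping the lookup for the empty case avoids this: `$data['aid'] = $invite_code !== '' ? $userModel->verifyInviteCode($invite_code) : 0;`. The related hunk in app/model/User.php changes `verifyInviteCode()` to return `$codeRes->id` or `0`, so its docblock should say `@return int` (the existing `@return` line is not visible in that hunk). The enclosing register method starts and ends outside this hunk.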
@@ -203,4 +203,54 @@ class Passport extends BaseController return $this->renderError($exception->getMessage()); } } + + /** + * 总后台登陆(管理员) + * @return array + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\DbException + * @throws \think\db\exception\ModelNotFoundException + */ + public function adminLogin() + { + $data = Request::param(); + + $count = 0; + $defaultCount = 3;# 默认登陆三次提示验证码 + try { + + $cookie_name = 'login_count'.$_SERVER['HTTP_HOST']; + // 验证用户输入 + validate(UserValidate::class)->scene('adminLogin')->check($data); + + # 验证码验证 + if ($count = Cookie::get($cookie_name) ?: 0) { + Cookie::set($cookie_name,$count+1); + } else { + Cookie::set($cookie_name,1); + } + if ($count > $defaultCount) { + $this->validate($data,['captcha|验证码'=>'require|captcha']); + } + + // 管理员登录 + $adminUser = AdminUser::login($data); + + if ($adminUser['status'] == 1) { + + $userinfo = ['admin_user_id' => $adminUser['data']['id'], 'avatar' => get_image_url($adminUser['data']['avatar'])]; + $token = ['token'=>signToken($userinfo)]; + + Cookie::delete($cookie_name); + return $this->renderSuccess('登陆成功',$token); + } else { + throw new ValidateException($adminUser['msg']); + } + } catch (ValidateException $exception) { + + $data = ['captcha_img' => '']; + if ($count >= $defaultCount) $data['captcha_img'] = captcha_src(); + return $this->renderError($exception->getMessage(),$data); + } + } } \ No newline at end of file diff --git a/app/model/AdminUser.php b/app/model/AdminUser.php new file mode 100644 index 0000000..a1da427 --- /dev/null +++ b/app/model/AdminUser.php 
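Review bot: The attempt counter that gates the captcha in `adminLogin()` is stored in the `login_count` cookie, so a client that simply does not send the cookie back is always seen with `$count` 0 and the captcha rule is never applied. That leaves password guessing against the admin account unthrottled. The cookie name is also built from `$_SERVER['HTTP_HOST']`, which is a request-supplied value. The counter should live server-side, keyed by account and client address, with an expiry, as sketched below. The cache facade and the 900-second window are suggestions to adapt to the project's cache setup.

```php
// … unchanged: validate(UserValidate::class)->scene('adminLogin')->check($data) …

// Server-side counter: discarding a cookie no longer resets it.
$attemptKey = 'admin_login_count:' . hash('sha256', $data['account_number'] . '|' . Request::ip());
$count = (int) \think\facade\Cache::get($attemptKey, 0);
\think\facade\Cache::set($attemptKey, $count + 1, 900); // suggested window, in seconds

// … unchanged: captcha rule when $count > $defaultCount, AdminUser::login($data) …

if ($adminUser['status'] == 1) {
    // … unchanged: build $userinfo and $token …
    \think\facade\Cache::delete($attemptKey);
    return $this->renderSuccess('登陆成功',$token);
}
```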
@@ -0,0 +1,62 @@ +where('account_number', $data['account_number']) + ->field('id,account_number,avatar,password,salt,status') + ->find(); + + try { + if (!$user) throw new \Exception('管理员账号不存在'); + if ($user['status'] != 1) throw new \Exception('账号已被停用'); + + // 使用相同的盐值对输入密码进行哈希验证 + $hashedPassword = $AdminUser->generateHashedPassword($data['password'], $user->salt); + + if ($user->password !== $hashedPassword) throw new \Exception('密码错误'); + + # 缓存用户信息 + $login_user_data = $user->toArray(); + unset($login_user_data['password'],$login_user_data['salt'],$login_user_data['status']); + Session::set('login_user_data',$login_user_data); + + return ['status' => 1, 'msg' => '登陆成功', 'data' => $login_user_data]; + } catch (\Exception $e) { + return ['status' => 0, 'msg' => $e->getMessage()]; + } + } + + /** + * 生成密码 + * @param $password + * @param $salt + * @return string + */ + private function generateHashedPassword($password,$salt) + { + return md5(md5($password) . md5($salt)); + } +} diff --git a/app/model/AgentUser.php b/app/model/AgentUser.php new file mode 100644 index 0000000..c637392 --- /dev/null +++ b/app/model/AgentUser.php @@ -0,0 +1,21 @@ +generateSalt(); // 密码加盐值后哈希存储 $password = $this->generateHashedPassword($data['password'], $salt); - // 随机头像 - $avatarArr = config('custom.avatar') ?: []; - $rand = rand(0,count($avatarArr)); $this->save([ - 'avatar' => $avatarArr[$rand] ?: '', - 'password' => $password, - 'salt' => $salt, - 'phone' => $data['phone'], - 'invite_code' => $data['invite_code'], + // 随机头像 + 'avatar' => rand_avatar(), + 'password' => $password, + 'salt' => $salt, + 'phone' => $data['phone'], + 'aid' => $data['aid'], 'register_time' => date("Y-m-d H:i:s",time()) ]); 
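Review bot: `generateHashedPassword()` in the new AdminUser model stores admin passwords as `md5(md5($password) . md5($salt))`, a fast hash that offers little resistance to offline guessing if the table leaks. The result is compared with `!==`, which is not a constant-time comparison. New admin accounts should be stored with `password_hash($password, PASSWORD_DEFAULT)` and checked with `password_verify($data['password'], $user->password)`; until existing rows are migrated, `hash_equals($user->password, $hashedPassword)` at least fixes the comparison. `login()` also returns three distinct messages (`管理员账号不存在`, `账号已被停用`, `密码错误`), which tells a caller whether an account number exists; one generic failure message for all three avoids that. The class header and the start of `login()` are not visible on this page, and the register code in app/model/User.php appears to use the same hashing helper.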
@@ -54,7 +52,7 @@ class User extends Model public function login($data) { // 根据用户名查询用户信息 - $user = $this->where('phone', $data['phone'])->field('id,avatar,phone,invite_code,password,salt')->find(); + $user = $this->where('phone', $data['phone'])->field('id,avatar,phone,password,salt')->find(); if ($user) { // 使用相同的盐值对输入密码进行哈希验证 @@ -145,28 +143,6 @@ class User extends Model return ['status' => false, 'msg' => '登陆状态有误']; } - /** - * 手机号短信验证码验证 - * @param $phone - * @param $smsCode - * @return bool - */ - public function verifySmsCode($phone, $smsCode) - { - // 在这个方法中,您可以调用您的短信服务提供商的API进行验证码验证 - // 这里简化为直接比较验证码 - // 请根据实际情况自行实现验证码验证逻辑 - - // 假设存储了正确的短信验证码 - $correctSmsCode = '123456'; - - if ($smsCode === $correctSmsCode) { - return true; - } - - return false; - } - /** * 验证邀请码是否有效 * @param $invite_code @@ -177,13 +153,14 @@ class User extends Model */ public function verifyInviteCode($invite_code) { - $codeRes = $this->where('invite_code',$invite_code)->find(); + $AgentUser = new AgentUser(); + $codeRes = $AgentUser->where('invite_code',$invite_code)->find(); if (empty($codeRes)) { - return false; + return 0; } - return true; + return $codeRes->id; } /** diff --git a/app/validate/User.php b/app/validate/User.php index f93d00b..4981a9f 100644 --- a/app/validate/User.php +++ b/app/validate/User.php @@ -15,9 +15,10 @@ class User extends Validate * @var array */ protected $rule = [ - 'phone' => 'require|mobile', - 'password' => 'require|min:6|max:20', - 'sms_code' => 'require', + 'phone|手机号' => 'require|mobile', + 'password|密码' => 'require|min:6|max:20', + 'sms_code|短信验证码' => 'require', + 'account_number|账号' => 'require|min:4|max:16' ]; /** 
@@ -26,21 +27,15 @@ class User extends Validate * * @var array */ - protected $message = [ - 'phone.require' => '手机号必填', - 'phone.mobile' => '手机号不正确', - 'password.require' => '密码必填', - 'password.min' => '密码长度最短为6个字符', - 'password.max' => '密码长度最长为20个字符', - 'sms_code' => '短信验证码必填' - ]; + protected $message = []; protected $scene = [ 'login' => ['phone','password'], 'register' => ['phone','password','sms_code'], 'retrieve' => ['phone','password','sms_code'], 'modifyPassword' => ['password'], - 'sendCode' => ['phone'] + 'sendCode' => ['phone'], + 'adminLogin'=> ['account_number','password'] ]; /** diff --git a/route/app.php b/route/app.php index a65d060..0aa56cc 100644 --- a/route/app.php +++ b/route/app.php @@ -26,6 +26,7 @@ Route::group('passport',function (){ Route::post('retrieve','passport/retrieve')->allowCrossDomain(); Route::post('changeCaptcha','passport/changeCaptcha')->allowCrossDomain(); Route::post('sendCode','passport/sendCode')->allowCrossDomain(); + Route::post('adminLogin','passport/adminLogin')->allowCrossDomain(); }); Route::group('user',function (){
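Review bot: The new `adminLogin` route in route/app.php gets a bare `allowCrossDomain()` like the public passport endpoints, so nothing on this line limits which origins may call the admin login from a browser. Which CORS headers that emits depends on the framework version and configuration, neither shown here, so please confirm that the effective `Access-Control-Allow-Origin` is not a wildcard or a reflected origin for this endpoint. If the installed version accepts a header array, pinning the admin front-end origin would be tighter, e.g. `->allowCrossDomain(['Access-Control-Allow-Origin' => 'https://admin.example.invalid'])` (placeholder origin).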