diff --git a/api/login/message.go b/api/login/message.go
index 53261c7..d0c1c14 100644
--- a/api/login/message.go
+++ b/api/login/message.go
@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	redigo "github.com/gomodule/redigo/redis"
+	"regexp"
 )
 
 type SsoSendSmsCodeParams struct {
@@ -27,6 +28,12 @@ func SsoSendSmsCode(a *dapi.ApiBase, params *SsoSendSmsCodeParams) error {
 	redisCodeKey := fmt.Sprintf("smscode:%s", params.Mobile)
 	redisDailyKey := fmt.Sprintf("smscode_daily:%s", params.Mobile)
 
+	mobileRegex := `^1[3-9]\d{9}$`
+	matched, err := regexp.MatchString(mobileRegex, params.Mobile)
+	if err != nil || !matched {
+		return a.ReturnPublicErrorResponse(a.Translate("invalid_mobile"))
+	}
+
 	conn := redis.RPool.Get()
 	defer func() {
 		if err := conn.Close(); err != nil {