diff --git a/src/apps/diy.php b/src/apps/diy.php
index b0aaab60..c56b6e22 100755
--- a/src/apps/diy.php
+++ b/src/apps/diy.php
@@ -38,6 +38,14 @@ if ($action == 'post') {
             exit();
         }
         $addvar = $addvalue = '';
+        //验证码校验
+        $validate = empty($validate) ? '' : strtolower(trim($validate));
+        $svali = strtolower(GetCkVdValue());
+        if ($validate=='' || $validate != $svali) {
+            ResetVdValue();
+            ShowMsg('验证码不正确', '-1');
+            exit();
+        }
         if (!empty($dede_fields)) {
             $link = $_SERVER['HTTP_REFERER'];
             $date = GetDateTimeMk(time());
diff --git a/src/theme/apps/post_diyform.htm b/src/theme/apps/post_diyform.htm
index c7b5adfb..610dd0a5 100644
--- a/src/theme/apps/post_diyform.htm
+++ b/src/theme/apps/post_diyform.htm
@@ -27,7 +27,14 @@
 				<table class="table mb-0">
 					<?php echo $postform;?>
 					<tr>
-						<td align="center">
+						<td>验证码</td>
+						<td>
+							<input type="text" name="validate" class="form-control admin-input-lg">
+							<img src="/apps/vdimgck.php" onclick="this.src='/apps/vdimgck.php?tag='+Math.random();" style="cursor:pointer">
+						</td>
+					</tr>
+					<tr>
+						<td colspan="2" align="center">
 							<button type="submit" name="submit" class="btn btn-success btn-sm">提交</button>
 							<button type="reset" name="reset" class="btn btn-outline-success btn-sm">重置</button>
 						</td>