diff --git a/class/core/site_api.py b/class/core/site_api.py
index ce1306062..e075ae6f4 100755
--- a/class/core/site_api.py
+++ b/class/core/site_api.py
@@ -23,6 +23,7 @@ class site_api:
     setupPath = None  # 安装路径
     vhostPath = None
     logsPath = None
+    passPath = None
     rewritePath = None
     sslDir = None  # ssl目录
 
@@ -33,11 +34,13 @@ class site_api:
         if not os.path.exists(vh):
             public.execShell("mkdir -p " + vh + " && chmod -R 755 " + vh)
         self.rewritePath = rw = self.setupPath + '/nginx/rewrite'
+        if not os.path.exists(rw):
+            public.execShell("mkdir -p " + rw + " && chmod -R 755 " + rw)
+        self.passPath = pp = self.setupPath + '/nginx/pass'
         if not os.path.exists(rw):
             public.execShell("mkdir -p " + rw + " && chmod -R 755 " + rw)
 
         self.logsPath = public.getRootDir() + '/wwwlogs'
-
         # ssl conf
         if public.isAppleSystem():
             self.sslDir = self.setupPath + '/letsencrypt/'
@@ -813,6 +816,74 @@ class site_api:
         public.restartWeb()
         return public.returnJson(True, '设置成功!')
 
+    # 设置目录加密
+    def setHasPwdApi(self):
+        username = request.form.get('username', '').encode('utf-8')
+        password = request.form.get('password', '').encode('utf-8')
+        siteName = request.form.get('siteName', '').encode('utf-8')
+        mid = request.form.get('id', '')
+        if len(username.strip()) == 0 or len(password.strip()) == 0:
+            return public.returnJson(False, '用户名或密码不能为空!')
+
+        if siteName == '':
+            siteName = public.M('sites').where('id=?', (mid,)).getField('name')
+
+        # self.closeHasPwd(get)
+        filename = self.passPath + siteName + '.pass'
+        passconf = username + ':' + public.hasPwd(password)
+
+        if get.siteName == 'phpmyadmin':
+            configFile = self.setupPath + '/openresty/nginx/conf/nginx.conf'
+        else:
+            configFile = self.setupPath + '/openresty/nginx/vhost/' + siteName + '.conf'
+
+        # 处理Nginx配置
+        conf = public.readFile(configFile)
+        if conf:
+            rep = '#error_page   404   /404.html;'
+            if conf.find(rep) == -1:
+                rep = '#error_page 404/404.html;'
+            data = '''
+    #AUTH_START
+    auth_basic "Authorization";
+    auth_basic_user_file %s;
+    #AUTH_END''' % (filename,)
+            conf = conf.replace(rep, rep + data)
+            public.writeFile(configFile, conf)
+
+        # 写密码配置
+        passDir = self.passPath
+        if not os.path.exists(passDir):
+            public.ExecShell('mkdir -p ' + passDir)
+        public.writeFile(filename, passconf)
+
+        public.restartWeb()
+        msg = public.getInfo('设置网站[{1}]为需要密码认证!', (siteName,))
+        public.writeLog("网站管理", msg)
+        return public.returnJson(True, '设置成功!')
+
+    # 取消目录加密
+    # def CloseHasPwd(self, get):
+    #     if not hasattr(get, 'siteName'):
+    #         get.siteName = public.M('sites').where(
+    #             'id=?', (get.id,)).getField('name')
+
+    #     if get.siteName == 'phpmyadmin':
+    #         get.configFile = self.setupPath + '/nginx/conf/nginx.conf'
+    #     else:
+    #         get.configFile = self.setupPath + '/panel/vhost/nginx/' + get.siteName + '.conf'
+
+    #     if os.path.exists(get.configFile):
+    #         conf = public.readFile(get.configFile)
+    #         rep = "\n\s*#AUTH_START(.|\n){1,200}#AUTH_END"
+    #         conf = re.sub(rep, '', conf)
+    #         public.writeFile(get.configFile, conf)
+
+    #     public.serviceReload()
+    #     public.WriteLog("TYPE_SITE", "SITE_AUTH_CLOSE_SUCCESS",
+    #                     (get.siteName,))
+    #     return public.returnMsg(True, 'SET_SUCCESS')
+
     def delDomainApi(self):
         domain = request.form.get('domain', '').encode('utf-8')
         webname = request.form.get('webname', '').encode('utf-8')
diff --git a/route/static/app/site.js b/route/static/app/site.js
index 141ea30c5..a70f87f51 100755
--- a/route/static/app/site.js
+++ b/route/static/app/site.js
@@ -327,7 +327,7 @@ function webPathEdit(id){
 						+'<p><span>授权账号</span><input id="username_get" class="bt-input-text" name="username_get" value="" type="text" placeholder="不修改请留空"></p>'
 						+'<p><span>访问密码</span><input id="password_get_1" class="bt-input-text" name="password_get_1" value="" type="password" placeholder="不修改请留空"></p>'
 						+'<p><span>重复密码</span><input id="password_get_2" class="bt-input-text" name="password_get_1" value="" type="password" placeholder="不修改请留空"></p>'
-						+'<p><button class="btn btn-success btn-sm" onclick="SetPathSafe('+id+')">保存</button></p>'
+						+'<p><button class="btn btn-success btn-sm" onclick="setPathSafe('+id+')">保存</button></p>'
 					+'</div>'
 				+'</div>';
 
@@ -359,25 +359,25 @@ function pathSafe(id){
 			var ico = rdata.status?1:2;
 			layer.msg(rdata.msg,{icon:ico});
 			$(".user_pw").hide();
-		});
+		},'json');
 	}
 }
 
 //设置访问密码
-function SetPathSafe(id){
+function setPathSafe(id){
 	var username = $("#username_get").val();
 	var pass1 = $("#password_get_1").val();
 	var pass2 = $("#password_get_2").val();
 	if(pass1 != pass2){
-		layer.msg(lan.bt.pass_err_re,{icon:2});
+		layer.msg('两次输入的密码不一致!',{icon:2});
 		return;
 	}
-	var loadT = layer.msg(lan.public.the,{icon:16,time:10000,shade: [0.3, '#000']});
-	$.post('/site?action=SetHasPwd',{id:id,username:username,password:pass1},function(rdata){
+	var loadT = layer.msg('正在处理,请稍候...',{icon:16,time:10000,shade: [0.3, '#000']});
+	$.post('/site/set_has_pwd',{id:id,username:username,password:pass1},function(rdata){
 		layer.close(loadT);
 		var ico = rdata.status?1:2;
 		layer.msg(rdata.msg,{icon:ico});
-	});
+	},'json');
 }
 
 //提交运行目录