diff --git a/code/springboot/newBank/src/main/java/demo/zhangjialei/controller/userController.java b/code/springboot/newBank/src/main/java/demo/zhangjialei/controller/userController.java
index e41647202..6b992ef4c 100644
--- a/code/springboot/newBank/src/main/java/demo/zhangjialei/controller/userController.java
+++ b/code/springboot/newBank/src/main/java/demo/zhangjialei/controller/userController.java
@@ -247,4 +247,61 @@ public class userController {
 // 存在安全隐患
 // http://localhost:12709/userLogin?userNo=00000026&passwd=123123
 }
+
+ // 添加和修改问题找回密码 getBackPassword
+ @RequestMapping("/addGetBackPassword")
+ public String addGetBackPassword(HttpServletRequest request) {
+
+/*
+ // 1.接收需要添加密码找回问题的账户
+ // 接收客户编号
+ String userNo_input = request.getParameter("userNo");
+
+ // 向数据库中查询编号是否存在
+ String sql_sel = String.format("select ui.userNo "+
+ "from user_info ui where ui.userNo = %s", userNo_input);
+ List> sel_res = jdbcTemplate.queryForList(sql_sel);
+ System.out.println(sel_res);
+ if (sel_res.size() == 0) return "400"; // 找不到该账户
+*/
+
+
+ // 2.为此账户添加密码找回问题
+ // 接收问题和答案
+ String userNo = request.getParameter("userNo");
+ String question = request.getParameter("question");
+ String answer = request.getParameter("answer");
+
+ String sql_update = String.format("UPDATE user_get_back_password bb SET bb.status = '0' where bb.userNo = %s;", userNo);
+ jdbcTemplate.update(sql_update);
+ String sql_insert = String.format("INSERT INTO user_get_back_password values('%s','%s','%s', default);",userNo, question, answer);
+ jdbcTemplate.update(sql_insert);
+
+
+ // http://localhost:12709/addGetBackPassword?userNo=00000026&question=你好&answer=再见
+ // 3.修改密码找回问题
+ // 修改和添加为同一接口
+ // 4.找回密码
+ return "100";
+ }
+
+ // 问题找回密码
+ @RequestMapping("/getBackPassword")
+ public String getBackPassword(HttpServletRequest request) {
+ // 接收客户编码,查询问题和答案
+ String userNo = request.getParameter("userNo");
+ String sql = String.format("SELECT * FROM user_get_back_password bb WHERE bb.userNo = %s and bb.status = '1';", userNo);
+ List> sel_res = jdbcTemplate.queryForList(sql);
+ String question = (String) sel_res.get(0).get("question");
+ String answer = (String) sel_res.get(0).get("answer");
+
+ // 接收客户输入答案
+ String answer_input = request.getParameter("answer_input");
+
+ // 答案比较
+ if (!answer.equals(answer_input)) return "200"; // 答案错误
+ return "100"; // 答案正确
+
+ // http://localhost:12709/getBackPassword?userNo=00000026&answer_input=再见
+ }
 }
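Review bot: Both new handlers format raw `request.getParameter` values straight into SQL text (`sql_update` and `sql_insert` in addGetBackPassword, `sql` in getBackPassword), so userNo, question and answer reach the database as part of the statement; they should be bound through JdbcTemplate's `?` placeholders instead, as in the fence below. getBackPassword also calls `sel_res.get(0)` with no empty-list check and `answer.equals(...)` with no null check, so an unknown userNo or a null stored answer ends in an exception rather than a result code. Nothing visible in the hunk ties the caller to the userNo being modified (the existence check is commented out and no session check appears), so as written any caller appears able to replace another account's recovery question; that needs an authenticated-session check, left out of the fence because the project's session handling is not shown here. The recovery answer is stored and compared in plaintext and, with an unrestricted `@RequestMapping`, can arrive in a GET query string that ends up in access logs; restricting the mappings to POST and storing a salted hash of the answer would be the follow-up.

```java
// addGetBackPassword: bind the request values instead of formatting them into the statement
jdbcTemplate.update(
        "UPDATE user_get_back_password bb SET bb.status = '0' WHERE bb.userNo = ?", userNo);
jdbcTemplate.update(
        "INSERT INTO user_get_back_password VALUES (?, ?, ?, default)", userNo, question, answer);

// … unchanged: return "100", then the getBackPassword mapping and signature …

String userNo = request.getParameter("userNo");
List<Map<String, Object>> sel_res = jdbcTemplate.queryForList(
        "SELECT * FROM user_get_back_password bb WHERE bb.userNo = ? AND bb.status = '1'", userNo);
// No active question for this userNo: answer with the same code as a wrong answer
// so the response does not reveal which accounts have a question set.
if (sel_res.isEmpty()) return "200";
String answer = (String) sel_res.get(0).get("answer");

String answer_input = request.getParameter("answer_input");
if (answer == null || !answer.equals(answer_input)) return "200";
return "100";
```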