diff --git a/controllers/verification.go b/controllers/verification.go
index 7c39b008..95c4e9e2 100644
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -19,6 +19,7 @@ import (
 "strings"
 "github.com/casdoor/casdoor/object"
+ "github.com/casdoor/casdoor/util"
 )
 func (c *ApiController) SendVerificationCode() {
@@ -47,8 +48,16 @@ func (c *ApiController) SendVerificationCode() {
 ret := "Invalid dest type."
 switch destType {
 case "email":
+ if !util.IsEmailValid(dest) {
+ c.ResponseError("Invalid Email address")
+ return
+ }
 ret = object.SendVerificationCodeToEmail(remoteAddr, dest)
 case "phone":
+ if !util.IsPhoneCnValid(dest) {
+ c.ResponseError("Invalid phone number")
+ return
+ }
 org := object.GetOrganizationByName(user.Owner)
 phonePrefix := "86"
 if org != nil && org.PhonePrefix != "" {
diff --git a/object/verification.go b/object/verification.go
index b2c17706..47afb128 100644
--- a/object/verification.go
+++ b/object/verification.go
@@ -17,7 +17,6 @@ package object
 import (
 "fmt"
 "math/rand"
- "strings"
 "time"
 )
@@ -30,9 +29,6 @@ type VerificationRecord struct {
 }
 func SendVerificationCodeToEmail(remoteAddr, dest string) string {
- if strings.Index(dest, "@") < 0 {
- return "Invalid Email address"
- }
 title := "Casdoor Code"
 sender := "Casdoor Admin"
 code := getRandomCode(5)
diff --git a/util/regex.go b/util/regex.go
index a399a10d..2437c5d7 100644
--- a/util/regex.go
+++ b/util/regex.go
@@ -21,7 +21,7 @@ var rePhoneCn *regexp.Regexp
 func init() {
 reEmail, _ = regexp.Compile(`^[0-9a-z][_.0-9a-z-]{0,31}@([0-9a-z][0-9a-z-]{0,30}[0-9a-z]\.){1,4}[a-z]{2,4}$`)
- rePhoneCn, _ = regexp.Compile("^((13[0-9])|(14[5,7])|(15[0-3,5-9])|(17[0,3,5-8])|(18[0-9])|166|198|199|(147))\\d{8}$")
+ rePhoneCn, _ = regexp.Compile("^((13[0-9])|(14[5,7])|(15[0-3,5-9])|(17[0,3,5-8])|(18[0-9])|166|191|198|199|(147))\\d{8}$")
 }
 func IsEmailValid(email string) bool {
diff --git a/web/src/locales/en.json b/web/src/locales/en.json
index 7a204735..b2cd9a8d 100644
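Review bot: In controllers/verification.go the new `case "phone":` guard runs `util.IsPhoneCnValid(dest)` before the organization's `PhonePrefix` is consulted, so every number is held to the mainland-China pattern even when the prefix (set after the hunk ends, presumably from `org.PhonePrefix`) is not "86". Moving the guard below the prefix resolution and making it conditional, `if phonePrefix == "86" && !util.IsPhoneCnValid(dest) {`, keeps other organizations working. The email guard now depends on `reEmail` in util/regex.go, which accepts only lowercase letters, no `+` in the local part and a 2–4 letter TLD, so addresses the old `@` test let through are refused; `strings.ToLower(dest)` before the check would at least cover case. With the `@` test removed from `object.SendVerificationCodeToEmail`, any caller other than this controller sends unvalidated, which cannot be confirmed from this page. SendVerificationCode starts and ends outside the hunk.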
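Review bot: In util/regex.go the character classes on the changed `rePhoneCn` line (`14[5,7]`, `15[0-3,5-9]`, `17[0,3,5-8]`) contain a literal comma, so a value with `,` as its third character passes `IsPhoneCnValid`; since this commit makes the pattern the gate in front of the SMS sender, write them as `14[57]`, `15[0-35-9]` and `17[035-8]` (the trailing `(147)` alternative is already covered by `14[57]`). Both `regexp.Compile` calls in `init` discard the error, so a future typo in a pattern leaves a nil `*regexp.Regexp` that presumably panics on first use; `var rePhoneCn = regexp.MustCompile(...)` at package level fails at startup instead. Prefix allowlists like this go stale (this change exists to add 191), so a comment naming the source of the list would help the next update.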
--- a/web/src/locales/en.json
+++ b/web/src/locales/en.json
@@ -135,7 +135,9 @@
 "You can only send one code in 60s.": "You can only send one code in 60s.",
 "Code has not been sent yet!": "Code has not been sent yet!",
 "You should verify your code in 5 min!": "You should verify your code in 5 min!",
- "Wrong code!": "Wrong code!"
+ "Wrong code!": "Wrong code!",
+ "Invalid phone number": "Invalid phone number",
+ "Invalid Email address": "Invalid Email address"
 },
 "application": {
diff --git a/web/src/locales/zh.json b/web/src/locales/zh.json
index a4fafe32..83b11051 100644
--- a/web/src/locales/zh.json
+++ b/web/src/locales/zh.json
@@ -137,7 +137,9 @@
 "You can only send one code in 60s.": "每分钟你只能发送一次验证码",
 "Code has not been sent yet!": "你还没有发送验证码",
 "You should verify your code in 5 min!": "验证码已超时。你应该在 5 分钟内完成验证。",
- "Wrong code!": "验证码错误!"
+ "Wrong code!": "验证码错误!",
+ "Invalid phone number": "手机号格式错误",
+ "Invalid Email address": "邮箱格式错误"
 },
 "application": {