diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c4b72f584..f47ba446e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -525,7 +525,7 @@ class ApplicationController < ActionController::Base
   #
   # @return [boolean, string] name of the layout to use or false for no layout
   def use_layout
-     request.xhr? ? false : 'base'
+     request.xhr? ? false : 'users_base'
   end
 
   def invalid_authenticity_token
diff --git a/app/models/user.rb b/app/models/user.rb
index 195346e7c..b64d0efd7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -324,7 +324,7 @@ class User < Principal
   # Returns the user that matches provided login and password, or nil
   #登录，返回用户名与密码匹配的用户
   def self.try_to_login(login, password)
-    login = login.to_s
+    login = login.to_s.lstrip.rstrip
     password = password.to_s
 
     # Make sure no one can sign in with an empty login or password