diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index d00ed0b5..68511e1e 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -124,4 +124,14 @@ class UserController extends Controller
         $resource = ExamResource::collection($result);
         return $this->success($resource);
     }
+
+    public function disable(Request $request)
+    {
+        $request->validate([
+            'uid' => 'required',
+            'reason' => 'required',
+        ]);
+        $result = $this->repository->disableUser(Auth::user(), $request->uid, $request->reason);
+        return $this->success($result);
+    }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index 7c2e5f64..51ce60b3 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -6,6 +6,7 @@ use App\Http\Middleware\Locale;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Facades\DB;
 use Laravel\Sanctum\HasApiTokens;
 
 class User extends Authenticatable
@@ -154,4 +155,13 @@ class User extends Authenticatable
         return $this->belongsTo(User::class, 'invited_by');
     }
 
+    public function updateWithModComment(array $update, $modComment)
+    {
+        if (!$this->exists) {
+            throw new \RuntimeException('User not exists!');
+        }
+        $update['modcomment'] = DB::raw("concat_ws('\n', $modComment, modcomment)");
+        return $this->update($update);
+    }
+
 }
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index 80bbb731..0630250f 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -6,7 +6,9 @@ use App\Http\Resources\UserResource;
 use App\Models\ExamUser;
 use App\Models\Setting;
 use App\Models\User;
+use App\Models\UserBanLog;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\DB;
 
 class UserRepository extends BaseRepository
 {
@@ -96,4 +98,21 @@ class UserRepository extends BaseRepository
         }
         return $out;
     }
+
+    public function disableUser(User $operator, $uid, $reason)
+    {
+        $targetUser = User::query()->findOrFail(['id', 'username']);
+        $banLog = [
+            'uid' => $uid,
+            'username' => $targetUser->username,
+            'reason' => $reason,
+            'operator' => $operator->id,
+        ];
+        $modCommentText = sprintf("Disable by %s, reason: %s.", $operator->username, $reason);
+        DB::transaction(function () use ($targetUser, $banLog, $modCommentText) {
+            $targetUser->updateWithModComment(['enable' => User::ENABLED_NO], $modCommentText);
+            UserBanLog::query()->insert($banLog);
+        });
+        return true;
+    }
 }
diff --git a/routes/api.php b/routes/api.php
index a8221a6d..3c12a781 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -23,6 +23,7 @@ Route::group(['middleware' => ['auth:sanctum', 'permission', 'locale']], functio
     Route::get('user-base', [\App\Http\Controllers\UserController::class, 'base']);
     Route::get('user-classes', [\App\Http\Controllers\UserController::class, 'classes']);
     Route::get('user-match-exams', [\App\Http\Controllers\UserController::class, 'matchExams']);
+    Route::post('user-disable', [\App\Http\Controllers\UserController::class, 'disable']);
 
     Route::resource('exams', \App\Http\Controllers\ExamController::class);
     Route::get('exam-indexes', [\App\Http\Controllers\ExamController::class, 'indexes']);