diff --git a/backend/database.js b/backend/database.js
index 42b0d9f..7ffe770 100644
--- a/backend/database.js
+++ b/backend/database.js
@@ -192,6 +192,11 @@ const UserDB = {
 
     const hasFtpConfig = userData.ftp_host && userData.ftp_user && userData.ftp_password ? 1 : 0;
 
+    // 对验证令牌进行哈希存储（与 VerificationDB.setVerification 保持一致）
+    const hashedVerificationToken = userData.verification_token
+      ? crypto.createHash('sha256').update(userData.verification_token).digest('hex')
+      : null;
+
     const stmt = db.prepare(`
       INSERT INTO users (
         username, email, password,
@@ -212,7 +217,7 @@ const UserDB = {
       userData.http_download_base_url || null,
       hasFtpConfig,
       userData.is_verified !== undefined ? userData.is_verified : 0,
-      userData.verification_token || null,
+      hashedVerificationToken,
       userData.verification_expires_at || null
     );