diff --git a/application/admin/controller/Ad.php b/application/admin/controller/Ad.php
index 0d72d8a0..80b330ee 100644
--- a/application/admin/controller/Ad.php
+++ b/application/admin/controller/Ad.php
@@ -122,7 +122,7 @@ class Ad extends Admin {
 		if ($this->request->isPost()) {
 			$result = $ad->change();
 			if ($result) {
-				return $this->success("添加成功！", url('admin/ad/lists', array('id' => $this->request->param('place_id')))));
+				return $this->success("添加成功！", url('admin/ad/lists', array('id' => $this->request->param('place_id'))));
 			} else {
 				return $this->error($ad->getError());
 			}
diff --git a/application/admin/controller/Form.php b/application/admin/controller/Form.php
index 4564b70e..5d317068 100644
--- a/application/admin/controller/Form.php
+++ b/application/admin/controller/Form.php
@@ -223,7 +223,7 @@ class Form extends Admin {
 	}
 
 	public function delattr(\think\Request $request){
-		$id = isset($request->param('id')) ? $request->param('id') : 0;
+		$id = $request->param('id', 0);
 		if (!$id) {
 			return $this->error('非法操作！');
 		}
diff --git a/application/api/controller/Login.php b/application/api/controller/Login.php
index 5561a40a..6fcf39bf 100644
--- a/application/api/controller/Login.php
+++ b/application/api/controller/Login.php
@@ -21,6 +21,7 @@ class Login extends \app\common\controller\Api{
 				$info['access_token'] = authcode($user['uid'].'|'.$user['username'].'|'.$user['password'], 'ENCODE');
 				$info['uid'] = $user['uid'];
 				$info['username'] = $user['username'];
+				$info['password'] = $user['password'];
 				$info['avatar'] = (isset($user['avatar_url']) && $user['avatar_url']) ? $user['avatar_url'] : avatar($user['uid']);
 
 				$this->data['data'] = $info;
diff --git a/application/api/controller/Upload.php b/application/api/controller/Upload.php
new file mode 100644
index 00000000..82e2eb64
--- /dev/null
+++ b/application/api/controller/Upload.php
@@ -0,0 +1,66 @@
+<?php
+namespace app\api\controller;
+
+class Upload extends \app\common\controller\Api {
+
+	public $mustToken = true;
+
+	public function images(){
+		$config = config('picture_upload');
+		// 获取表单上传文件 例如上传了001.jpg
+		$file = $this->request->file('file');
+		$size = $config['size'] * 1024 * 1024;
+		$info = $file->validate(array(
+			'size'     => $size,
+			'ext'      => $config['ext'],
+		))->move($config['rootPath'], true, false);
+
+		if ($info) {
+			$this->data['data'] = $this->save($config, 'images', $info);
+			return $this->data;
+		}else{
+			$this->data['code'] = 1;
+			$this->data['msg'] = $file->getError();
+			return $this->data;
+		}
+	}
+
+	/**
+	 * 保存上传的信息到数据库
+	 * @var view
+	 * @access public
+	 */
+	protected function save($config, $type, $file) {
+		$file           = $this->parseFile($file);
+		$file['status'] = 1;
+		$dbname         = ($type == 'images') ? 'picture' : 'file';
+		$id             = db($dbname)->insertGetId($file);
+
+		if ($id) {
+			$data = db($dbname)->where(array('id' => $id))->find();
+			return $data;
+		} else {
+			return false;
+		}
+	}
+	
+	protected function parseFile($info) {
+		$data['create_time'] = $info->getATime(); //最后访问时间
+		$data['savename']    = $info->getBasename(); //获取无路径的basename
+		$data['c_time']      = $info->getCTime(); //获取inode修改时间
+		$data['ext']         = $info->getExtension(); //文件扩展名
+		$data['name']        = $info->getFilename(); //获取文件名
+		$data['m_time']      = $info->getMTime(); //获取最后修改时间
+		$data['owner']       = $info->getOwner(); //文件拥有者
+		$data['savepath']    = $info->getPath(); //不带文件名的文件路径
+		$data['url']         = $data['path']         = '/uploads/' . $info->getSaveName(); //全路径
+		$data['size']        = $info->getSize(); //文件大小，单位字节
+		$data['is_file']     = $info->isFile(); //是否是文件
+		$data['is_execut']   = $info->isExecutable(); //是否可执行
+		$data['is_readable'] = $info->isReadable(); //是否可读
+		$data['is_writable'] = $info->isWritable(); //是否可写
+		$data['md5']         = md5_file($info->getPathname());
+		$data['sha1']        = sha1_file($info->getPathname());
+		return $data;
+	}
+}
\ No newline at end of file
diff --git a/application/api/controller/Wechat.php b/application/api/controller/Wechat.php
index c955aa88..1c4238b3 100644
--- a/application/api/controller/Wechat.php
+++ b/application/api/controller/Wechat.php
@@ -36,8 +36,12 @@ class Wechat extends \app\common\controller\Api{
 			if (!$user) {
 				$other = array(
 					'avatar_url' => $param['avatar'],
+					'nickname' => $param['nickname'],
+					'openid' => $info['openid']
 				);
-				$user = model('Member')->register($param['nickname'], $param['openid'], $param['openid'], $param['openid'].'@wx.com', false, $other);
+				$user = model('Member')->register($param['nickname'], $info['openid'], $info['openid'], $info['openid'].'@wxapp.com', false, $other);
+			}else{
+				model('Member')->where('openid', $info['openid'])->setField('avatar_url', $param['avatar']);
 			}
 
 			$info['access_token'] = authcode($user['uid'].'|'.$user['username'].'|'.$user['password'], 'ENCODE');
diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index c0a04e3f..756d4bef 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@@ -65,6 +65,7 @@ class Api {
 			$token = authcode($header['accesstoken']);
 			list($uid, $username, $password) = explode('|', $token);
 			$this->user = model('Member')->where('uid', $uid)->where('username', $username)->find();
+
 			if ($this->user && $password === $this->user['password']) {
 				return true;
 			}else{