diff --git a/Application/Admin/Controller/BaseController.class.php b/Application/Admin/Controller/BaseController.class.php
index ab33760..7fa8ed6 100644
--- a/Application/Admin/Controller/BaseController.class.php
+++ b/Application/Admin/Controller/BaseController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 
diff --git a/Application/Admin/Controller/BlogController.class.php b/Application/Admin/Controller/BlogController.class.php
index 98d6844..969c60d 100644
--- a/Application/Admin/Controller/BlogController.class.php
+++ b/Application/Admin/Controller/BlogController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 /**
diff --git a/Application/Admin/Controller/CategoryController.class.php b/Application/Admin/Controller/CategoryController.class.php
index f82ab85..38824d7 100644
--- a/Application/Admin/Controller/CategoryController.class.php
+++ b/Application/Admin/Controller/CategoryController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 /**
diff --git a/Application/Admin/Controller/CheckController.class.php b/Application/Admin/Controller/CheckController.class.php
index a56a8dd..c096f28 100644
--- a/Application/Admin/Controller/CheckController.class.php
+++ b/Application/Admin/Controller/CheckController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 class CheckController extends Controller
@@ -15,9 +15,34 @@ class CheckController extends Controller
      * 临时查看漏洞报告
      */
        public function view(){
-		$id = I('get.session_id',0,'intval');
+		$id = I('get.session_id',0,'number_int'); //seesion token防注入
         $model = M('post')->where('session='.$id)->find();
+		$flow = M('wflow')->where('session='.$id)->select();
+		$this->assign('wflow',$flow);
         $this->assign('model',$model);
-        $this->display();
+		$this->display();
+    }
+    /**
+     * 添加漏洞处理进展
+     */
+    public function add()
+    {
+        //默认显示添加表单
+        if (!IS_POST) {
+            $this->display();
+        }
+        if (IS_POST) {
+            $model = D("wflow");
+            if (!$model->create()) {
+                $this->error($model->getError());
+                exit();
+            } else {
+                if ($model->add()) {
+                    $this->success("添加成功", U('post/index'));
+                } else {
+                    $this->error("添加失败", U('post/index'));
+                }
+            }
+        }
     }
 }
diff --git a/Application/Admin/Controller/HallController.class.php b/Application/Admin/Controller/HallController.class.php
index c9ef63f..cda2a15 100644
--- a/Application/Admin/Controller/HallController.class.php
+++ b/Application/Admin/Controller/HallController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 /**
diff --git a/Application/Admin/Controller/IndexController.class.php b/Application/Admin/Controller/IndexController.class.php
index 9102bbb..826db92 100644
--- a/Application/Admin/Controller/IndexController.class.php
+++ b/Application/Admin/Controller/IndexController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class IndexController extends BaseController{
diff --git a/Application/Admin/Controller/InfoController.class.php b/Application/Admin/Controller/InfoController.class.php
index 116fd0c..633e2c8 100644
--- a/Application/Admin/Controller/InfoController.class.php
+++ b/Application/Admin/Controller/InfoController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 /**
diff --git a/Application/Admin/Controller/LoginController.class.php b/Application/Admin/Controller/LoginController.class.php
index 93b80cf..5e14df8 100644
--- a/Application/Admin/Controller/LoginController.class.php
+++ b/Application/Admin/Controller/LoginController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class LoginController extends Controller {
diff --git a/Application/Admin/Controller/ManagerController.class.php b/Application/Admin/Controller/ManagerController.class.php
index 61b2ce4..b1ec70e 100644
--- a/Application/Admin/Controller/ManagerController.class.php
+++ b/Application/Admin/Controller/ManagerController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/26
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.6
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 /**
diff --git a/Application/Admin/Controller/MemberController.class.php b/Application/Admin/Controller/MemberController.class.php
index 587367d..df51121 100644
--- a/Application/Admin/Controller/MemberController.class.php
+++ b/Application/Admin/Controller/MemberController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 /**
diff --git a/Application/Admin/Controller/OrderController.class.php b/Application/Admin/Controller/OrderController.class.php
index ce4baca..5c7d6f9 100644
--- a/Application/Admin/Controller/OrderController.class.php
+++ b/Application/Admin/Controller/OrderController.class.php
@@ -2,10 +2,10 @@
 namespace Admin\Controller;
 use Admin\Controller;
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 /**
diff --git a/Application/Admin/Controller/PageController.class.php b/Application/Admin/Controller/PageController.class.php
index 18bfc1c..61726e1 100644
--- a/Application/Admin/Controller/PageController.class.php
+++ b/Application/Admin/Controller/PageController.class.php
@@ -2,10 +2,10 @@
 namespace Admin\Controller;
 use Admin\Controller;
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 /**
diff --git a/Application/Admin/Controller/PostController.class.php b/Application/Admin/Controller/PostController.class.php
index 3cb2cd3..7767af5 100644
--- a/Application/Admin/Controller/PostController.class.php
+++ b/Application/Admin/Controller/PostController.class.php
@@ -2,10 +2,10 @@
 namespace Admin\Controller;
 use Admin\Controller;
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 class PostController extends BaseController
@@ -130,10 +130,12 @@ class PostController extends BaseController
      */
 	    public function session(){
 		$id = I('get.id',0,'intval');
-		$str = '!@#$%^&*abcdefghijklmnopqrstuvwxyz';
-        $session = md5($str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)]);
+		$str = '1234567890';
+        $session = $str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)];
+		$visible = 1;
         $model = M('post');
         $model->session = $session;
+		$model->visible = $visible;
 		$result = $model->where('id='.$id)->save();
 		if($result){
             $this->success("授权成功", U('Check/view?session_id='.$session));
diff --git a/Application/Admin/Controller/SettingController.class.php b/Application/Admin/Controller/SettingController.class.php
index a70d6a1..146c8d2 100644
--- a/Application/Admin/Controller/SettingController.class.php
+++ b/Application/Admin/Controller/SettingController.class.php
@@ -3,10 +3,10 @@ namespace Admin\Controller;
 use Admin\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 /**
diff --git a/Application/Admin/View/Check/view.html b/Application/Admin/View/Check/view.html
index 39eaba0..06bd540 100644
--- a/Application/Admin/View/Check/view.html
+++ b/Application/Admin/View/Check/view.html
@@ -4,13 +4,11 @@
 		<meta http-equiv="content-type" content="text/html; charset=UTF-8">
 		<meta charset="utf-8">
 		<title>安全工单</title>
-		<meta name="generator" content="Bootply" />
 		<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+		<!--防止外泄referer-->
+		<meta name="referrer" content="never">
 		<link href="__PUBLIC__/Home/css/bootstrap.min.css" rel="stylesheet">
 		<link href="__PUBLIC__/Home/index/carousel.css" rel="stylesheet">
-		<!--[if lt IE 9]>
-			<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
-		<![endif]-->
 		<link href="__PUBLIC__/Home/css/styles.css" rel="stylesheet">
 	</head>
 	<body>
@@ -25,7 +23,7 @@
             <span class="yaheiicon-bar"></span>
           </button>
           <a class="yahei navbar-brand" href="/dev/index.php?m=&c=index&a=index"><strong>安全应急响应中心</strong>
-          <span class="yahei navbar-brand-subtitle">安全工单</span>
+          <span class="yahei navbar-brand-subtitle">外部安全工单</span>
           </a>
     </div>
     <div class="navbar-collapse collapse" id="navbar">
@@ -54,7 +52,7 @@
 			 </pre>
 	    </div>
 		<div class="row">
-		<p>#修复建议 / 修补期限：</span><span><if condition="$model.type eq 1"><span class="label label-success"></span>
+		<p><b><span>#修复建议</span></b><span> / 修补期限：</span><span><if condition="$model.type eq 1"><span class="label label-success"></span>
                     <elseif condition="$model.type eq 2" /><span class="label label-default">10天</span>
                     <elseif condition="$model.type eq 3" /><span class="label label-warning">3天</span>
                     <elseif condition="$model.type eq 4" /><span class="label label-danger">2天</span>
@@ -69,6 +67,53 @@
 			 {$model.advise}
 			 </pre>
 	    </div>
+		<hr/>
+		<foreach name="wflow" item="v">
+		<div class="row">
+			<p><b><span>#处理进展</span></b><span> / </span><span>@{$v.time}</span><span> / </span><span>状态变更：<if condition="$v.type eq 1"><span class="label label-info">已确认</span>
+                    <elseif condition="$v.type eq 2" /><span class="label label-default">已分配</span>
+                    <elseif condition="$v.type eq 3" /><span class="label label-warning">处理中</span>
+                    <elseif condition="$v.type eq 4" /><span class="label label-success">已结单</span>
+                    </if><span> / 变动人：<span class="label label-default">{$v.userid}</span></p>
+		</div>
+        <div class="row">
+		   <pre>
+			 {$v.content|htmlspecialchars_decode|waf}
+			 </pre>
+		</div>
+		</foreach>
+		<div class="row">
+		<form method="post" action="{:U('check/add')}">
+            <label for="post-content">添加处理进展</label>
+            <script id="post-content" name="content" type="text/plain"></script>
+			<br/>
+			<div class="form-group input-group input-group-sm">
+				<span class="input-group-addon">处理人：</span><input type="text" class="form-control" name="userid" id="userid" placeholder="请输入您的公司id"/>
+			</div>
+			<div class="form-group input-group input-group-sm">
+			  <span class="input-group"><b>处理状态：</b></span>
+			  <label class="radio-inline">
+              <input type="radio" name="type" id="type" value="1" checked="checked" />已确认
+				</label>
+				<label class="radio-inline">
+					<input type="radio" name="type" id="type" value="2" />已分配
+				</label>
+				<label class="radio-inline">
+					<input type="radio" name="type" id="type" value="3" />处理中
+				</label>
+				<label class="radio-inline">
+					<input type="radio" name="type" id="type" value="4" />已结单
+				</label>
+			</div>
+			<div class="form-group input-group input-group-sm">
+              <input type="hidden" name="session" id="session" value="{$model.session}" />
+			</div>
+			<div class="form-group input-group input-group-sm">
+              <input type="hidden" name="time" id="time" value="<?php echo date('Y-m-d H:i:s',time());?>" />
+			</div>
+			<button type="submit" class="btn btn-default">提交</button>
+		</form>
+        </div>
 		<div class="row">
 			<hr/>
 			<p><b>注意事项:</b></p>
@@ -77,5 +122,20 @@
 		</div>
   </div>
 </div>
+<!-- 配置文件 -->
+<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.config.js"></script>
+<!-- 编辑器源码文件 -->
+<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.all.js"></script>
+<!-- 实例化编辑器 -->
+<script type="text/javascript">
+    var ue = UE.getEditor('post-content',{
+        toolbars: [
+            ['source', 'undo', 'redo','bold', 'italic', 'underline','fontborder', 'strikethrough', '|','simpleupload', 'insertimage','attachment','emotion','link','unlink', '|', 'removeformat', 'formatmatch', 'autotypeset', 'blockquote','searchreplace', 'pasteplain', '|', 'forecolor', 'backcolor', 'insertorderedlist', 'insertunorderedlist', 'selectall', 'cleardoc'],
+            ['inserttable','insertrow', 'insertcol','mergeright', 'mergedown','deleterow', 'deletecol','splittorows','splittocols', 'splittocells','deletecaption','inserttitle', 'mergecells', 'deletetable','insertparagraphbeforetable', 'paragraph','fontsize','fontfamily']
+        ],
+        initialFrameHeight:500,
+        zIndex:100
+    });
+</script>
 </body>
 </html>
\ No newline at end of file
diff --git a/Application/Admin/View/Index/index.html b/Application/Admin/View/Index/index.html
index f854f7f..37600ef 100644
--- a/Application/Admin/View/Index/index.html
+++ b/Application/Admin/View/Index/index.html
@@ -7,6 +7,7 @@
                 <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                 <span style="font-size:20px">您好！欢迎登陆应急响应中心管理后台</span>
                 <p>注意:请定期修改您的后台密码，保证安全性！</p>
+				<p>请您定期更新SRCMS以获取最新安全补丁和特性：<a href="https://github.com/martinzhou2015/SRCMS" target="_blank">点击此处查看项目</a></p>
 				<!--<p>您可以进行以下操作：</p>
 				<ul>
 				<li>1.漏洞审核</li>
@@ -18,23 +19,6 @@
             </div>
         </div>
     </div><!-- /.row -->
-<div class="alert alert-success alert-dismissable">
-<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
-<p>
-<span><strong>最新版本：</strong></span>
-<span id="version"></span>
-</p>
-<p><span><strong>发布日期：</strong></span>
-<span id="date"></span>
-</p>
-<p>
-<span><strong>更新简介：</strong></span>
-<span id="des"></span>
-</p>
-<p>
-<a href="https://github.com/martinzhou2015">立即下载</a>
-</p>
-</div>
     <div class="row">
         <div class="col-lg-3">
             <div class="panel panel-info">
diff --git a/Application/Admin/View/Post/index.html b/Application/Admin/View/Post/index.html
index 9fd2070..64f6735 100644
--- a/Application/Admin/View/Post/index.html
+++ b/Application/Admin/View/Post/index.html
@@ -43,7 +43,7 @@
                 <td>{$v.time|date="Y/m/d",###}</td>
                 <td>{$v.username}</td>
                 <td>{$v.category_title}</td>
-                <td><a href="{:U('post/update?id=')}{$v.id}">审核</a> | <a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> | <a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗？\n\n删除后将不能恢复!');">删除</a></td>
+                <td><a href="{:U('post/update?id=')}{$v.id}">审核</a> | <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a>  <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a></if> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗？\n\n删除后将不能恢复!');">删除</a></td>
             </tr>
         </foreach>
         </tbody>
diff --git a/Application/Admin/View/Post/update.html b/Application/Admin/View/Post/update.html
index 027b341..c3bcd79 100644
--- a/Application/Admin/View/Post/update.html
+++ b/Application/Admin/View/Post/update.html
@@ -28,12 +28,6 @@
 		<div class="form-group">
             <label for="post-content">修复建议</label>
             <input type="text" name="advise" class="form-control" value="{$post.advise}" id="post-title" placeholder="输入修复建议">
-        </div>
-		<div class="form-group">
-            <label>漏洞公开</label>
-            <label class="radio-inline">
-              <input type="radio" name="visible" id="visible" value="1" <if condition="$post.day eq 2">checked="checked"</if>>公开
-            </label>
         </div>
 		<div class="form-group">
             <label>修补限期</label>
diff --git a/Application/Admin/View/Public/sidebar.html b/Application/Admin/View/Public/sidebar.html
index ab7959c..daf550c 100644
--- a/Application/Admin/View/Public/sidebar.html
+++ b/Application/Admin/View/Public/sidebar.html
@@ -31,6 +31,6 @@
                   </ul>
                 </li>
 	<li class="dropdown">
-        <a href="{:U('setting/index')}"><i class="fa fa-star"></i>系统设置</a>
+        <a href="{:U('setting/index')}"><i class="fa fa-star"></i> 系统设置</a>
     </li>
 </ul>
\ No newline at end of file
diff --git a/Application/Common/Conf/config.php b/Application/Common/Conf/config.php
index 8959683..fa8c689 100644
--- a/Application/Common/Conf/config.php
+++ b/Application/Common/Conf/config.php
@@ -1,25 +1,27 @@
 <?php
 return array(
-	//'配置项' =>'配置值'
 	'MODULE_ALLOW_LIST' =>    array('Home','Admin',),
-	//我们用了入口版定 所以下面这行可以注释掉
-	//'DEFAULT_MODULE'    =>    'Home',  // 默认模块	
-	//'SHOW_PAGE_TRACE'   =>  flase, 
 	'LOAD_EXT_CONFIG'   => 'db', 
-	'URL_CASE_INSENSITIVE'  =>  true,  //url不区分大小写
+	/**
+	URL不区分大小写
+	**/
+	'URL_CASE_INSENSITIVE'  =>  true,    
 	'URL_MODEL'   =>0,
 	'URL_HTML_SUFFIX'  =>'html',
-	//'DEFAULT_FILTER'        => 'htmlspecialchars',
-	'SUPER_ADMIN_ID'=>1,  //超级管理员id 删除用户的时候用这个禁止删除
 	'SHOW_ERROR_MSG'        =>  true, 
-	//用户注册默认信息
-	'DEFAULT_SCORE'=>100,
-	'MAIL_ADDRESS'=>'xxxx@126.com', // 此处填写邮箱地址
-    'MAIL_SMTP'=>'smtp.126.com', // 邮箱SMTP服务器
-    'MAIL_LOGINNAME'=>'xxxxx', // 邮箱登录帐号
-    'MAIL_PASSWORD'=>'xxxxx', // 邮箱密码
-    'MAIL_CHARSET'=>'UTF-8',//编码
-    'MAIL_AUTH'=>true,//邮箱认证
-    'MAIL_HTML'=>true,//true HTML格式 false TXT格式
+	/**
+	邮件服务配置
+	**/
+	'MAIL_ADDRESS'=>'xxxx@126.com',   // 此处填写邮箱地址
+    'MAIL_SMTP'=>'smtp.126.com',      // 邮箱SMTP服务器（各家邮件服务提供商smtp服务器地址不同）
+    'MAIL_LOGINNAME'=>'xxxxx',        // 邮箱登录帐号
+    'MAIL_PASSWORD'=>'xxxxx',         // 邮箱密码（QQ邮箱登录密码不是QQ密码）
+    'MAIL_CHARSET'=>'UTF-8',          // 邮件字符编码
+    'MAIL_AUTH'=>true,                // 邮箱认证
+    // true：发送的邮件正文为HTML格式 false：发送的邮件正文为TXT格式
+    'MAIL_HTML'=>true,
+	/**
+    站点全局开启http-only
+    **/	
 	'COOKIE_HTTPONLY'  =>  ''
 );
\ No newline at end of file
diff --git a/Application/Home/Controller/BlogController.class.php b/Application/Home/Controller/BlogController.class.php
index fed1e25..2798494 100644
--- a/Application/Home/Controller/BlogController.class.php
+++ b/Application/Home/Controller/BlogController.class.php
@@ -1,10 +1,10 @@
 <?php
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 namespace Home\Controller;
@@ -13,32 +13,20 @@ use Think\Controller;
 
 class BlogController extends Controller{
 
-    public function index($key="")
+    public function index()
     {
-        if($key == ""){
-            $model = M('blog');  
-        }else{
-            $where['title'] = array('like',"%$key%");
-            $where['name'] = array('like',"%$key%");
-            $where['_logic'] = 'or';
-            $model = M('blog')->where($where); 
-        } 
-        
-        $count  = $model->where($where)->count();// 查询满足要求的总记录数
-        $Page = new \Extend\Page($count,15);// 实例化分页类 传入总记录数和每页显示的记录数(25)
-        $show = $Page->show();// 分页显示输出
-        $pages = $model->limit($Page->firstRow.','.$Page->listRows)->where($where)->order('id DESC')->select();
+        $model = M('blog');
 		$tmodel= M('setting');
+		$pages = $model->limit(15)->select();
 		$title = $tmodel->where('id=1')->select();
         $this->assign('title', $title);
         $this->assign('model', $pages);
-        $this->assign('page',$show);
         $this->display();     
     }
 
 
     public function view(){
-		$id = I('get.id',0,'intval');
+		$id = I('get.id',0,'number_int');
         $model = M('blog')->where('id='.$id)->find();
 		$tmodel= M('setting');
 		$title = $tmodel->where('id=1')->select();
diff --git a/Application/Home/Controller/GiftController.class.php b/Application/Home/Controller/GiftController.class.php
index 70273e6..8562b30 100644
--- a/Application/Home/Controller/GiftController.class.php
+++ b/Application/Home/Controller/GiftController.class.php
@@ -1,10 +1,10 @@
 <?php
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 namespace Home\Controller;
diff --git a/Application/Home/Controller/HallController.class.php b/Application/Home/Controller/HallController.class.php
index 79a8e06..2ed55dd 100644
--- a/Application/Home/Controller/HallController.class.php
+++ b/Application/Home/Controller/HallController.class.php
@@ -1,10 +1,10 @@
 <?php
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 13:59 2016/1/25
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 namespace Home\Controller;
@@ -15,13 +15,14 @@ class HallController extends Controller{
 
      public function index()
     {
-       $xuhao = 1;
-       $model = M('member');
-       $tmodel= M('setting');
-	$title = $tmodel->where('id=1')->select();
-        $user = $model->order('jifen ASC')->where('type=1')->where('jifen>0')->select();  // fix bug issued by phith0n  13:59 2016/1/25
+        $xuhao = 1;
+        $model = M('member');
+        $tmodel= M('setting');
+		$title = $tmodel->where('id=1')->select();
+		// fix bug issued by phith0n  13:59 2016/1/25
+        $user = $model->order('jifen ASC')->where('type=1')->where('jifen>0')->select();  
         $this->assign('title', $title);
-	$this ->assign('xuhao',$xuhao);
+	    $this ->assign('xuhao',$xuhao);
         $this->assign('user',getSortedCategory($user));
         $this->display();   
     }
diff --git a/Application/Home/Controller/IndexController.class.php b/Application/Home/Controller/IndexController.class.php
index c63229d..71c1392 100644
--- a/Application/Home/Controller/IndexController.class.php
+++ b/Application/Home/Controller/IndexController.class.php
@@ -1,10 +1,10 @@
 <?php
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 namespace Home\Controller;
diff --git a/Application/Home/Controller/PageController.class.php b/Application/Home/Controller/PageController.class.php
index a0482d9..397640e 100644
--- a/Application/Home/Controller/PageController.class.php
+++ b/Application/Home/Controller/PageController.class.php
@@ -1,10 +1,10 @@
 <?php
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 namespace Home\Controller;
@@ -13,26 +13,14 @@ use Think\Controller;
 
 class PageController extends Controller{
 
-    public function index($key="")
+    public function index()
     {
-        if($key == ""){
-            $model = M('page');  
-        }else{
-            $where['title'] = array('like',"%$key%");
-            $where['name'] = array('like',"%$key%");
-            $where['_logic'] = 'or';
-            $model = M('page')->where($where); 
-        } 
-        
-        $count  = $model->where($where)->count();// 查询满足要求的总记录数
-        $Page = new \Extend\Page($count,15);// 实例化分页类 传入总记录数和每页显示的记录数(25)
-        $show = $Page->show();// 分页显示输出
-        $pages = $model->limit($Page->firstRow.','.$Page->listRows)->where($where)->order('id DESC')->select();
-		$tmodel= M('setting');
+        $model = M('page');
+		$tmodel= M('setting');		
+		$pages = $model->limit(15)->select();
 		$title = $tmodel->where('id=1')->select();
         $this->assign('title', $title);
         $this->assign('model', $pages);
-        $this->assign('page',$show);
         $this->display();     
     }
 
diff --git a/Application/Home/View/Blog/index.html b/Application/Home/View/Blog/index.html
index 645f9f8..906392c 100644
--- a/Application/Home/View/Blog/index.html
+++ b/Application/Home/View/Blog/index.html
@@ -31,7 +31,6 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-                <li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li class="active"><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
@@ -59,19 +58,6 @@
 	    </div>
   </div>
 </div>
-
-<!--分页
-<div class="row" align="center">
-    <ul class="pagination pagination-lg">
-      <li><a href="#">&laquo;</a></li>
-      <li><a href="#">1</a></li>
-      <li  class="disabled"><a href="#" >2</a></li>
-      <li  class="disabled"><a href="#">3</a></li>
-      <li  class="disabled"><a href="#">4</a></li>
-      <li  class="disabled"><a href="#">5</a></li>
-      <li  class="disabled"><a href="#">&raquo;</a></li>
-    </ul>
-</div>-->
 <footer class="footer">
 	  <div class="container marketing yahei">
         <p class="pull-right"><a href="{:U('index/index')}">Back to top</a></p>
@@ -80,7 +66,7 @@
 </footer>
 
 <!-- script references -->
-		<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
+		<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
 		<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
 		<script src="__PUBLIC__/Home/js/scripts.js"></script>
 	</body>
diff --git a/Application/Home/View/Blog/view.html b/Application/Home/View/Blog/view.html
index d5b0cf3..844419f 100644
--- a/Application/Home/View/Blog/view.html
+++ b/Application/Home/View/Blog/view.html
@@ -7,9 +7,6 @@
 		<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 		<link href="__PUBLIC__/Home/css/bootstrap.min.css" rel="stylesheet">
 		<link href="__PUBLIC__/Home/index/carousel.css" rel="stylesheet">
-		<!--[if lt IE 9]>
-			<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
-		<![endif]-->
 		<link href="__PUBLIC__/Home/css/styles.css" rel="stylesheet">
 	</head>
  <body>
@@ -30,13 +27,12 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-                <li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li class="active"><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
 				<li><a class="yahei" href="{:U('gift/index')}">礼品库</a></li>
             </div>
-        </div><!--/.navbar-collapse -->
+        </div>
       </div>
     </nav>
 
@@ -54,7 +50,7 @@
 	    </div>
 		<div class="row">
 		<hr/>
-		<a class="btn btn-primary" href="{:U('page/index')}">返回列表</a>
+		<a class="btn btn-primary" href="{:U('blog/index')}">返回列表</a>
 		</div>
   </div>
 </div>
@@ -68,7 +64,7 @@
 </footer>
 
 <!-- script references -->
-		<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
+		<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
 		<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
 		<script src="__PUBLIC__/Home/js/scripts.js"></script>
 	</body>
diff --git a/Application/Home/View/Gift/index.html b/Application/Home/View/Gift/index.html
index 2a8dca1..e2b2df2 100644
--- a/Application/Home/View/Gift/index.html
+++ b/Application/Home/View/Gift/index.html
@@ -30,7 +30,6 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-				<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
@@ -53,8 +52,6 @@
 		<foreach name="gift" item="v">
         <li class="panel panel-default" style="width:190px;height:150px;margin:5px 5px 5px 5px;text-align:center;"><br/><img src="{$v.url}" style="width:100px;height:100px;"/><br/>{$v.title}<br/></li>
 		</foreach>
-        <!--<li class="panel panel-default" style="width:200px;height:180px;text-align:center;"><br/><img src="__PUBLIC__/Home/pic/iphone.jpg" style="width:100px;height:100px;"/><br/>iPhone6<br/><button class="btn btn-default text-align" >兑换</button></li>
-		<li class="panel panel-default" style="width:200px;height:180px;text-align:center;"><br/><img src="__PUBLIC__/Home/pic/iphone.jpg" style="width:100px;height:100px;"/><br/>iPhone6<br/><button class="btn btn-default text-align" >兑换</button></li>-->
         </ul>
 	</div>
 </div>
@@ -67,7 +64,7 @@
 </footer>
 
 <!-- script references -->
-		<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
+		<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
 		<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
 		<script src="__PUBLIC__/Home/js/scripts.js"></script>
 	</body>
diff --git a/Application/Home/View/Hall/index.html b/Application/Home/View/Hall/index.html
index 22b0af2..f803d6c 100644
--- a/Application/Home/View/Hall/index.html
+++ b/Application/Home/View/Hall/index.html
@@ -46,24 +46,10 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-				<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li class="active"><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
 				<li><a class="yahei" href="{:U('gift/index')}">礼品库</a></li>
-                <!--<li class="dropdown">
-                  <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Dropdown <span class="caret"></span></a>
-                  <ul class="dropdown-menu">
-                    <li><a href="#">Action</a></li>
-                    <li><a href="#">Another action</a></li>
-                    <li><a href="#">Something else here</a></li>
-                    <li role="separator" class="divider"></li>
-                    <li class="dropdown-header">Nav header</li>
-                    <li><a href="#">Separated link</a></li>
-                    <li><a href="#">One more separated link</a></li>
-                  </ul>
-                </li>
-              </ul>-->
             </div>
         </div><!--/.navbar-collapse -->
       </div>
diff --git a/Application/Home/View/Index/index.html b/Application/Home/View/Index/index.html
index 502979b..3b656f9 100644
--- a/Application/Home/View/Index/index.html
+++ b/Application/Home/View/Index/index.html
@@ -45,7 +45,6 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei active"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-				<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
diff --git a/Application/Home/View/Page/index.html b/Application/Home/View/Page/index.html
index 3ce6b03..bab35d2 100644
--- a/Application/Home/View/Page/index.html
+++ b/Application/Home/View/Page/index.html
@@ -31,24 +31,10 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-				<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li class="active"><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
 				<li><a class="yahei" href="{:U('gift/index')}">礼品库</a></li>
-                <!--<li class="dropdown">
-                  <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Dropdown <span class="caret"></span></a>
-                  <ul class="dropdown-menu">
-                    <li><a href="#">Action</a></li>
-                    <li><a href="#">Another action</a></li>
-                    <li><a href="#">Something else here</a></li>
-                    <li role="separator" class="divider"></li>
-                    <li class="dropdown-header">Nav header</li>
-                    <li><a href="#">Separated link</a></li>
-                    <li><a href="#">One more separated link</a></li>
-                  </ul>
-                </li>
-              </ul>-->
             </div>
         </div><!--/.navbar-collapse -->
       </div>
@@ -71,7 +57,17 @@
 	    </div>
   </div>
 </div>
-
+<!--<div class="row" align="center">
+    <ul class="pagination pagination-lg">
+      <li><a href="#">&laquo;</a></li>
+      <li><a href="#">1</a></li>
+      <li  class="disabled"><a href="#" >2</a></li>
+      <li  class="disabled"><a href="#">3</a></li>
+      <li  class="disabled"><a href="#">4</a></li>
+      <li  class="disabled"><a href="#">5</a></li>
+      <li  class="disabled"><a href="#">&raquo;</a></li>
+    </ul>
+</div>-->
 <footer class="footer">
 	  <div class="container marketing yahei">
         <p class="pull-right"><a href="{:U('index/index')}">返回顶部</a></p>
@@ -81,7 +77,7 @@
 
 
 <!-- script references -->
-		<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
+		<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
 		<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
 		<script src="__PUBLIC__/Home/js/scripts.js"></script>
 	</body>
diff --git a/Application/Home/View/Page/view.html b/Application/Home/View/Page/view.html
index c0c116f..766971c 100644
--- a/Application/Home/View/Page/view.html
+++ b/Application/Home/View/Page/view.html
@@ -31,7 +31,6 @@
               <ul class="yahei nav navbar-nav">
                 <li class="yahei"><a href="{:U('index/index')}">首页</a></li>
                 <li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
-                <li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
                 <li class="active"><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
 				<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
 				<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
@@ -70,7 +69,7 @@
 </footer>
 	  
 <!-- script references -->
-		<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
+	    <script src="__PUBLIC__/Home/index/jquery.min.js"></script>
 		<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
 		<script src="__PUBLIC__/Home/js/scripts.js"></script>
 	</body>
diff --git a/Application/User/Controller/BaseController.class.php b/Application/User/Controller/BaseController.class.php
index c09eb76..3b08850 100644
--- a/Application/User/Controller/BaseController.class.php
+++ b/Application/User/Controller/BaseController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class BaseController extends Controller {
diff --git a/Application/User/Controller/ChangeController.class.php b/Application/User/Controller/ChangeController.class.php
index f7c77a0..89c676c 100644
--- a/Application/User/Controller/ChangeController.class.php
+++ b/Application/User/Controller/ChangeController.class.php
@@ -3,17 +3,16 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 
 class ChangeController extends BaseController{
     /**
      * 显示更改密码页面
-     * @return [type] [description]
      */
     public function index()
     {
@@ -32,28 +31,33 @@ class ChangeController extends BaseController{
         if(!IS_POST)$this->error("非法请求");
         $member = M('member');
         $id = session('userId');
-		$oldpassword =I('post.oldpassword','','md5');
-        $password =I('post.password','','md5');
+		$username = session('username');
+		$oldpassword = I('post.oldpassword','','md5');
+        $password = I('post.password','','md5');
+
+		//获取salt
+		$salt = $member->where(array('id'=>$id,'username'=>$username))->find();
+		$s_oldpassword = md5(md5(md5($salt['salt']).$oldpassword."SR")."CMS");
 		
         //验证原密码
-        $user = $member->where(array('id'=>$id,'password'=>$oldpassword))->find();
+        $user = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->find();
 		
         if(!$user) {
-            $this->error('邮箱不存在 :(') ;
+            $this->error('旧密码校验失败 :(') ;
         }
 		
-        //验证账户是否管理员        
+        //验证账户是否管理员，管理员无法在前台修改密码       
 		if($user['type'] == 2){
             $this->error('前台无法修改管理员密码 :(') ;
         }
     
-	
-	$member-> password=$password;
-    $result = $member->where(array('id'=>$id,'password'=>$oldpassword))->save();
+	$s_password = md5(md5(md5($salt['salt']).$password."SR")."CMS");
+	$member-> password=$s_password;
+    $result = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->save();
 	 if($result){  
         $this->success("修改成功",U('login/logout'));
         }else{  
-         $this->error('修改失败 :(') ;
+         $this->error('修改失败,请重试 :(',U('change/index')) ;
         }  
     }
 }
\ No newline at end of file
diff --git a/Application/User/Controller/ForgetController.class.php b/Application/User/Controller/ForgetController.class.php
index 5e61550..37824f2 100644
--- a/Application/User/Controller/ForgetController.class.php
+++ b/Application/User/Controller/ForgetController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class ForgetController extends Controller {
@@ -43,6 +43,7 @@ class ForgetController extends Controller {
         }
         //验证输入邮箱是否存在
         $user = $member->where(array('username'=>$username,'email'=>$email))->find();
+		$salt = $member->where(array('email'=>$email,'username'=>$username))->find();
 		
         if(!$user) {
             $this->error('邮箱不存在 :(') ;
@@ -60,7 +61,7 @@ class ForgetController extends Controller {
         import('ORG.Net.Mail');  
         $str = '1234567890abcdefghijklmnopqrstuvwxyz';
         $passwd=$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)];
-        $content = md5($passwd);
+        $content = md5(md5(md5($salt['salt']).md5($passwd)."SR")."CMS");
 		$member = M('member');
 		$member-> password=$content;
 		$member ->where(array('username'=>$username,'email'=>$email))->save();
diff --git a/Application/User/Controller/GiftController.class.php b/Application/User/Controller/GiftController.class.php
index eb1b1c8..71c2321 100644
--- a/Application/User/Controller/GiftController.class.php
+++ b/Application/User/Controller/GiftController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class GiftController extends BaseController{
diff --git a/Application/User/Controller/IndexController.class.php b/Application/User/Controller/IndexController.class.php
index f26b4d5..ef40a0f 100644
--- a/Application/User/Controller/IndexController.class.php
+++ b/Application/User/Controller/IndexController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class IndexController extends BaseController {
diff --git a/Application/User/Controller/InfoController.class.php b/Application/User/Controller/InfoController.class.php
index f47199f..72faa37 100644
--- a/Application/User/Controller/InfoController.class.php
+++ b/Application/User/Controller/InfoController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:21 2016/1/26
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.6
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class InfoController extends BaseController{
diff --git a/Application/User/Controller/LoginController.class.php b/Application/User/Controller/LoginController.class.php
index 52c280e..f3c4f35 100644
--- a/Application/User/Controller/LoginController.class.php
+++ b/Application/User/Controller/LoginController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class LoginController extends Controller {
diff --git a/Application/User/Controller/PostController.class.php b/Application/User/Controller/PostController.class.php
index 7580743..bc6860d 100644
--- a/Application/User/Controller/PostController.class.php
+++ b/Application/User/Controller/PostController.class.php
@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 class PostController extends BaseController
diff --git a/Application/User/Controller/RegController.class.php b/Application/User/Controller/RegController.class.php
index 98f1edc..2fc6102 100644
--- a/Application/User/Controller/RegController.class.php
+++ b/Application/User/Controller/RegController.class.php
@@ -3,20 +3,15 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 11:28 2016/1/26
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.6
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
-
-/**
- * 注册页面
- */
 class RegController extends Controller{
     /**
      * 用户列表
-     * @return [type] [description]
      */
     public function index()
     {
@@ -41,7 +36,7 @@ class RegController extends Controller{
     }
   
     /**
-     * 添加用户
+     * 用户注册
      */
     public function add()
     {
diff --git a/Application/User/View/Change/index.html b/Application/User/View/Change/index.html
index 96c7f04..faab7a8 100644
--- a/Application/User/View/Change/index.html
+++ b/Application/User/View/Change/index.html
@@ -10,7 +10,7 @@
 	<form action="{:U('change/change')}" method="post">
 	<div class="form-group">
 		<label>旧密码</label>
-		<input class="form-control" type="text" name="oldpassword" placeholder="请输入旧密码">
+		<input class="form-control" type="password" name="oldpassword" placeholder="请输入旧密码">
 	</div>
 	<div class="form-group">
 		<label>密码</label>
diff --git a/Application/User/View/Public/header.html b/Application/User/View/Public/header.html
index 4354f66..fe1e413 100644
--- a/Application/User/View/Public/header.html
+++ b/Application/User/View/Public/header.html
@@ -36,17 +36,12 @@
 			  <li class="dropdown">
                  <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><?php echo session('username')?><span class="caret"></span></a>
                   <ul class="dropdown-menu">
-                    <!--<li><a href="#">Action</a></li>
-                    <li><a href="#">更改密码</a></li>
-                    <li><a href="#">Something else here</a></li>
-                    <li role="separator" class="divider"></li>
-                    <li class="dropdown-header">Nav header</li>-->
 					<li><a href="{:U('change/index')}">更改密码</a></li>
                     <li><a href="{:U('login/logout')}">退出登录</a></li>
                   </ul>
                 </li>
               </ul>
             </div>
-        </div><!--/.navbar-collapse -->
+        </div>
       </div>
     </nav>
\ No newline at end of file
diff --git a/DB/srcms.sql b/DB/srcms.sql
index c111f95..2d1a461 100644
--- a/DB/srcms.sql
+++ b/DB/srcms.sql
@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- 主机: localhost
--- 生成日期: 2016 年 12 月 02 日 12:16
+-- 生成日期: 2016 年 12 月 03 日 21:32
 -- 服务器版本: 5.5.40
 -- PHP 版本: 5.3.29
 
@@ -145,10 +145,10 @@ CREATE TABLE IF NOT EXISTS `links` (
 --
 
 INSERT INTO `links` (`id`, `title`, `url`, `sort`) VALUES
-(1, 'iPhone6', 'http://1.srcms.applinzi.com/iphone.jpg', 100),
-(2, 'iPhone6 Plus', 'http://1.srcms.applinzi.com/iphone.jpg', 100),
-(3, 'MacBook', 'http://1.srcms.applinzi.com/iphone.jpg', 100),
-(4, 'MacBook Air', 'http://1.srcms.applinzi.com/iphone.jpg', 100);
+(1, 'iPhone6', './public/Home/images/iphone.jpg', 100),
+(2, 'iPhone6 Plus', './public/Home/images/iphone.jpg', 100),
+(3, 'Macbook', './public/Home/images/iphone.jpg', 100),
+(4, 'MacBook Air', './public/Home/images/iphone.jpg', 100);
 
 -- --------------------------------------------------------
 
@@ -172,7 +172,7 @@ CREATE TABLE IF NOT EXISTS `manager` (
 --
 
 INSERT INTO `manager` (`id`, `username`, `email`, `password`, `login_ip`, `create_at`, `update_at`) VALUES
-(1, 'admin', '100946575@qq.com', '21232f297a57a5a743894a0e4a801fc3', '0.0.0.0', '1453778451', '1480648405');
+(1, 'admin', '100946575@qq.com', '21232f297a57a5a743894a0e4a801fc3', '0.0.0.0', '1453778451', '1480752301');
 
 -- --------------------------------------------------------
 
@@ -196,7 +196,14 @@ CREATE TABLE IF NOT EXISTS `member` (
   PRIMARY KEY (`id`),
   KEY `username` (`username`) USING BTREE,
   KEY `password` (`password`) USING BTREE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
+
+--
+-- 转存表中的数据 `member`
+--
+
+INSERT INTO `member` (`id`, `username`, `email`, `salt`, `password`, `avatar`, `create_at`, `update_at`, `login_ip`, `status`, `type`, `jifen`) VALUES
+(1, 'user', '1@qq.com', 'pGFhwRqX', 'f3fa525a696371c3db889bf5cec6d1d2', NULL, '1480658200', '1480766843', '0.0.0.0', 1, 1, 0);
 
 -- --------------------------------------------------------
 
@@ -254,7 +261,7 @@ INSERT INTO `page` (`id`, `title`, `name`, `content`) VALUES
 
 CREATE TABLE IF NOT EXISTS `post` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
-  `session` varchar(15) NOT NULL,
+  `session` varchar(255) NOT NULL,
   `title` varchar(255) DEFAULT NULL,
   `content` text,
   `advise` varchar(255) NOT NULL,
@@ -268,16 +275,14 @@ CREATE TABLE IF NOT EXISTS `post` (
   PRIMARY KEY (`id`),
   KEY `cate_id` (`cate_id`),
   KEY `user_id` (`user_id`)
-) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
 
 --
 -- 转存表中的数据 `post`
 --
 
 INSERT INTO `post` (`id`, `session`, `title`, `content`, `advise`, `time`, `day`, `cate_id`, `user_id`, `rank`, `type`, `visible`) VALUES
-(1, '4a5e3249c99651c', '漏洞漏洞', '&lt;p&gt;漏洞啊&lt;/p&gt;', '修补啊', '1453799758', 3, 6, 1, 4, 1, 1),
-(2, '43eb5b1522075c3', '漏洞2', '&lt;p&gt;漏洞2&lt;/p&gt;', '', '1454464294', 1, 6, 1, 4, 1, 0),
-(3, '44070a764435658', '漏洞3', '&lt;p&gt;漏洞3&lt;br/&gt;&lt;/p&gt;', '', '1454474524', 0, 13, 1, 0, 1, 0);
+(1, '4260545457986537762', '测试', '&lt;p&gt;测试&lt;/p&gt;', '', '1480684856', 0, 2, 1, 0, 1, 1);
 
 -- --------------------------------------------------------
 
@@ -305,6 +310,31 @@ INSERT INTO `setting` (`id`, `key`, `value`, `description`) VALUES
 (4, 'site-tongji', '&lt;script&gt; console.log(&quot;统计代码&quot;)&lt;/script&gt;', '统计代码'),
 (5, 'site-introduce', '<p >华软安全应急响应中心（HR Security Response Center）是轻响应致力于维护华软内网健康生态环境，保障内务产品和网络的信息安全，促进同学们的合作与交流，而建立的漏洞收集及应急响应平台。本平台收集华软产品线及业务上存在的安全漏洞，同时，我们也希望借此平台加强同学们的网络安全意识，共同打造简单可信赖的华软内网健康生态。</p>', '站点介绍');
 
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `wflow`
+--
+
+CREATE TABLE IF NOT EXISTS `wflow` (
+  `id` int(255) NOT NULL AUTO_INCREMENT,
+  `session` varchar(255) CHARACTER SET gbk NOT NULL,
+  `type` varchar(255) CHARACTER SET gbk NOT NULL,
+  `content` varchar(255) CHARACTER SET gbk NOT NULL,
+  `time` varchar(255) CHARACTER SET gbk NOT NULL,
+  `rank` int(11) NOT NULL,
+  `userid` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `id` (`id`)
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
+
+--
+-- 转存表中的数据 `wflow`
+--
+
+INSERT INTO `wflow` (`id`, `session`, `type`, `content`, `time`, `rank`, `userid`) VALUES
+(1, '4260545457986537762', '3', '&lt;p&gt;收到，正在处理。&lt;/p&gt;', '2016-12-03 19:42:03', 0, 'martin');
+
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
diff --git a/README.md b/README.md
index 9ace04c..596e559 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,20 @@
-# 欢迎使用SRCMS·轻响应框架 V1.6正式版
-**SRCMS**是专门为中小企业和互联网产品创业团队打造的应急响应中心网站建站框架。有了它，如今你可以像使用办公软件一样容易，为你的企业建立起美观完备的安全应急响应中心
+# 欢迎使用SRCMS·轻响应框架 V1.8正式版
+**SRCMS**是专门为中小企业和互联网产品创业团队打造的应急响应中心网站建站框架。有了它，如今你可以像使用办公软件一样容易，为你的企业建立起美观完备的安全应急响应中心。
 > * **项目维护:** Martin Zhou
 > * **E-Mail**:1009465756@qq.com
-> * **官网:** http://www.src.pw
-> * **开发帮助文档:** http://t.cn/RbRirJt
 > * **QQ交流群：**132108046
+> * **最后更新日期：**2016-12-03
 
 ---
-##框架首次运行配置说明：
+##免责说明
+SRCMS仅为建站软件，任何使用本建站程序搭建的网站其运营的内容所产生的纠纷与本项目无关。 
+
+---
+##开源贡献说明
+本项目欢迎所有Github开源社区的同学贡献改进代码，让我们一起将SRCMS做的越来越好！ 
+
+---
+##框架首次运行配置说明（！第一次使用前请您仔细阅读以下内容！）：
 在进行下面的步骤之前，请您确保本地或服务器有运行PHP程序的环境（推荐环境:Apache+PHP5.0及以上[暂不能完美兼容PHP7]+MySQL），接下来您需要：
 
 * 第一步：通过Github代码托管页面将项目源代码下载
@@ -20,10 +27,23 @@
 
 * 第五步：打开./Application/Admin/Controller/LoginController.class.php,修改第59行sendMail方法内初始值1009465756@qq.com为您自己的安全邮箱。配置完成后，每次管理员登陆后台，该邮箱都将会接收到登陆日志。
 
-* 配置完成：基础配置全部完成，下面您就可以通过在浏览器内输入相应地址体验SRCMS（轻响应）了。
-
+* 配置完成：基础配置全部完成，下面您就可以通过在浏览器内输入相应地址体验SRCMS（轻响应）了。后台默认管理帐号为admin/amdin。
 ---
 ##版本更新日志
+
+#####2016-12-03（建议等级：推荐更新）
+* **修复** 后台无法查看生成的工单
+* **修复** 前端页面JS远程资源失效问题
+* **修复** 前台用户密码修改设计缺陷（Issued By 藏形匿影）
+* **优化** 多处代码提升二次开发可读性
+* **新增** 安全工单模块中动态更新功能
+
+#####2016-12-02（建议等级：推荐更新）
+* **修复** 一处前台越权漏洞
+* **修复** 前台验证码刷新无效问题
+* **修复** 后台用户管理逻辑缺陷
+* **新增** 用户密码存储加盐（Issued By 华软HRCMS团队）
+
 #####2016-01-26
 * **修复** 三处严重的前台个人中心安全问题(Issued By phithon)
 * **修复** 富文本过滤不严格的问题(Issued By mramydnei)
@@ -54,7 +74,7 @@
 
 ---
 ##框架BUG提交说明
-如果您在使用本框架或是二次开发中发现任何SRCMS的问题，都欢迎通过Github将问题issue给我
+如果您在使用本框架或是二次开发中发现任何SRCMS的问题，都欢迎通过Github将问题issue给我。 
 
 ---
 ##二次开发帮助说明
@@ -66,4 +86,4 @@
 
 * [ThinkPHP](http://www.thinkphp.cn/)
 * [ThinkAdmin](http://www.thinkphp.cn/code/1342.html) 
-* [Bootstarp](http://www.bootcss.com/)
+* [Bootstarp](http://www.bootcss.com/)
\ No newline at end of file
diff --git a/admin.php b/admin.php
index 181a707..0ba67de 100644
--- a/admin.php
+++ b/admin.php
@@ -1,13 +1,10 @@
 <?php
-// +----------------------------------------------------------------------
-// | ThinkPHP [ WE CAN DO IT JUST THINK ]
-// +----------------------------------------------------------------------
-// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
-// +----------------------------------------------------------------------
-// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
-// +----------------------------------------------------------------------
-// | Author: liu21st <liu21st@gmail.com>
-// +----------------------------------------------------------------------
+/**
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
+ */
 
 // 应用入口文件
 
diff --git a/index.php b/index.php
index e2b0da8..ad7ad3a 100644
--- a/index.php
+++ b/index.php
@@ -1,13 +1,10 @@
 <?php
-// +----------------------------------------------------------------------
-// | ThinkPHP [ WE CAN DO IT JUST THINK ]
-// +----------------------------------------------------------------------
-// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
-// +----------------------------------------------------------------------
-// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
-// +----------------------------------------------------------------------
-// | Author: liu21st <liu21st@gmail.com>
-// +----------------------------------------------------------------------
+/**
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
+ */
 
 // 应用入口文件
 
diff --git a/user.php b/user.php
index 4000560..6f1e76b 100644
--- a/user.php
+++ b/user.php
@@ -1,13 +1,10 @@
 <?php
-// +----------------------------------------------------------------------
-// | ThinkPHP [ WE CAN DO IT JUST THINK ]
-// +----------------------------------------------------------------------
-// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
-// +----------------------------------------------------------------------
-// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
-// +----------------------------------------------------------------------
-// | Author: liu21st <liu21st@gmail.com>
-// +----------------------------------------------------------------------
+/**
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
+ */
 
 // 应用入口文件
 
@@ -20,7 +17,7 @@ if(version_compare(PHP_VERSION,'5.3.0','<'))  die('require PHP > 5.3.0 !');
 define('BIND_MODULE','User');
 
 // 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false
-define('APP_DEBUG',False);
+define('APP_DEBUG',True);
 
 // 定义应用目录
 define('APP_PATH','./Application/');