diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c0905e89c..905b2c41d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base
 
 	protect_from_forgery prepend: true, unless: -> { request.format.json? }
 
+	before_action :check_sign
 	before_action :user_setup
 	#before_action :check_account
 
@@ -20,6 +21,13 @@ class ApplicationController < ActionController::Base
 
 	helper_method :current_user
 
+	# 所有请求必须合法签名
+	def check_sign
+		timestamp = params[:timestamp]
+		sign = Digest::MD5.hexdigest("#{OPENKEY}#{timestamp}")
+		tip_exception(501, "请求不合理") if sign != params[:client_key]
+	end
+
 	# 全局配置参数
 	# 返回name对应的value
 	def edu_setting(name)
diff --git a/app/controllers/cooperative/base_controller.rb b/app/controllers/cooperative/base_controller.rb
index 51af05ed2..dfc99b7b8 100644
--- a/app/controllers/cooperative/base_controller.rb
+++ b/app/controllers/cooperative/base_controller.rb
@@ -16,7 +16,7 @@ class Cooperative::BaseController < ApplicationController
   private
 
   def current_laboratory
-    @_current_laboratory ||= Laboratory.find_by_subdomain(request.subdomain)
+    @_current_laboratory ||= (Laboratory.find_by_subdomain(request.subdomain) || Laboratory.first)
     # @_current_laboratory ||= Laboratory.find 1
   end
 
diff --git a/app/controllers/hack_user_lastest_codes_controller.rb b/app/controllers/hack_user_lastest_codes_controller.rb
index 641dcae2d..38238fea7 100644
--- a/app/controllers/hack_user_lastest_codes_controller.rb
+++ b/app/controllers/hack_user_lastest_codes_controller.rb
@@ -153,7 +153,7 @@ class HackUserLastestCodesController < ApplicationController
     when 'Java'
       content.scan(/.java.\d+/).map{|s| s.match(/\d+/)[0].to_i}.min
     when 'C', 'C++'
-      content.scan(/\d:\d+:/).map{|s| s.match(/\d+/)[0]}.min
+      content.scan(/\d:\d+:/).map{|s| s.match(/\d+/)[0].to_i}.min
     when 'Python'
       content.scan(/line \d+/).map{|s| s.match(/\d+/)[0].to_i}.min
     end
diff --git a/app/controllers/myshixuns_controller.rb b/app/controllers/myshixuns_controller.rb
index 255c0f42e..67bec877b 100644
--- a/app/controllers/myshixuns_controller.rb
+++ b/app/controllers/myshixuns_controller.rb
@@ -3,6 +3,7 @@ class MyshixunsController < ApplicationController
   before_action :find_myshixun, :except => [:training_task_status, :code_runinng_message]
   before_action :find_repo_name, :except => [:training_task_status, :code_runinng_message]
   skip_before_action :verify_authenticity_token, :only => [:html_content]
+  skip_before_action :check_sign, only:  [:training_task_status, :code_runinng_message]
 
   ## TPI关卡列表
   def challenges