diff --git a/checkin.html b/checkin.html deleted file mode 100644 index ffdbaa0..0000000 --- a/checkin.html +++ /dev/null @@ -1,84 +0,0 @@ - - -Ushio Auth - - - - - diff --git a/checkin.php b/checkin.php index 9c8bdd4..ba4ead4 100644 --- a/checkin.php +++ b/checkin.php 
@@ -1,62 +1,48 @@ connect('redis',6379); -$fp = $_REQUEST['fp']; -$mask = $_REQUEST['mask']; -$token = $_REQUEST['token']; -$ip = $_REQUEST['ip']; -if(!isset($fp)) die(); -if(!isset($mask)) die(); +$hash = $_REQUEST['token']; +$from = $_REQUEST['from']; +if(!isset($hash)) die(); +if(!isset($from)) die(); - -$id = md5($fp.$mask); - - -if(isset($token) && isset($ip)){ - $fip = md5($fp.$ip); - $redis->set('auth/fip/'.$fip, $token); - $redis->expire('auth/fip/'.$fip, 3600*72); +if(strlen($hash) != 64){ + echo ""; + die(); } -if(isset($ip) && !isset($token)){ - $fip = md5($fp.$ip); - if($redis->exists('auth/fip/'.$fip)){ - $token = $redis->get('auth/fip/'.$fip); - }else{ - die(); - } -} -if(!$redis->exists('auth/token/'.$token)){ - $redis->set('session/redirect/'.$id, $token); - if(!$redis->exists('session/dialog/'.$token)){ - $redis->hSet('session/dialog/'.$token, "group", "anonymous"); - } - echo $token; - die(); +$token = $_COOKIE['_token']; +if(!isset($token)){ + $token = hash('sha256', time().$from.$hash); + setcookie("_token", $token, time()+60*60*24*30*6); } + $cnn = db__connect(); -$hash = $redis->get('auth/token/'.$token); -if(!db__rowNum($cnn, "account", "hash", $hash)){ - $redis->set('session/redirect/'.$id, $token); - $redis->del('auth/token/'.$token); - if(!$redis->exists('session/dialog/'.$token)){ - $redis->hSet('session/dialog/'.$token, "group", "anonymous"); - } + +if(db__rowNum($cnn, "token", "token", $token)){ + db__pushData($cnn, "token", array( + "hash"=>$hash, + "updated_at"=>date("Y-m-d H:i:s", time()), + "state"=>'1' + ), array( + "token"=>$token + )); }else{ - $redis->set('session/redirect/'.$id, $token); - if(!$redis->exists('session/dialog/'.$hash)){ - $data = db__getData($cnn, "account", "hash", $hash); - foreach($data[0] as $key=>$val){ - $redis->hSet('session/dialog/'.$hash, $key, $val); - } - } + db__pushData($cnn, "token", array( + "hash"=>$hash, + "token"=>$token, + "created_at"=>date("Y-m-d H:i:s", time()), + "state"=>'1' + )); } -echo 
$token; + +echo ''; +echo ''; +echo 'Ushio Auth - set token
正在检测您的设备安全( • ̀ω•́ )✧
Anti-DDOS..
'; +echo ""; diff --git a/checkout.php b/checkout.php index c93c96d..8d4b983 100644 --- a/checkout.php +++ b/checkout.php @@ -7,12 +7,11 @@ $cnn = db__connect(); if(isset($_COOKIE['_token']) && db__rowNum($cnn, "token", "token", $_COOKIE['_token'])){ db__pushData($cnn, "token", array( - "state"=>'0' + "state"=>'0', + "updated_at"=>date("Y-m-d H:i:s", time()) ), array( "token"=>$_COOKIE['_token'] )); - } -setcookie("_token", "", time()-3600); echo ''; diff --git a/functions.php b/functions.php index 153f9af..6670a65 100755 --- a/functions.php +++ b/functions.php @@ -3,6 +3,11 @@ include '/mnt/config/dbKeys/auth.php'; include '/mnt/config/php/config.php'; /**database connection**/ + +$redis = new redis(); +$redis->connect('redis',6379); + + //connect to database function db__connect($servername="",$username="",$password="",$dbname="") { @@ -37,7 +42,7 @@ function db__connect($servername="",$username="",$password="",$dbname="") } //get table row number::(data_cnnct var,table name) ::(row number) -function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2="") +function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2="",$clmnName3="",$value3="",$clmnName4="",$value4="") { $table=db__antisql($table); 
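Review bot: The new `_token` in checkin.php is `hash('sha256', time().$from.$hash)`, built only from the request's own `from`/`token` values and the clock, so anyone who knows those inputs can recompute it; index.php derives `$token` and `$seed` the same way. A value that later identifies the session should come from the CSPRNG, for example `$token = bin2hex(random_bytes(32));` on PHP 7+, which keeps the 64-character length that setFip.php checks. The cookie is also set without `Secure`/`HttpOnly`/`SameSite`. A client-supplied `$_COOKIE['_token']` reaches `db__rowNum`/`db__pushData` with no format check, and `if(!preg_match('/^[0-9a-f]{64}$/', $token)) die();` before the database calls would bound it.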
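Review bot: Dropping `setcookie("_token", "", time()-3600);` in checkout.php means check-out now only sets `state` to '0' while the browser keeps the same `_token`, which checkin.php reuses and sets back to `state` '1' on the next check-in. A token value that was planted in or copied from the browser before login therefore becomes an authenticated one, which is a session-fixation risk. Either keep clearing the cookie here or issue a fresh token in checkin.php whenever the state goes to '1'.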
@@ -49,7 +54,9 @@ function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2="" if($clmnName=="") $sql = "SELECT COUNT(*) FROM $table"; elseif($clmnName2=="") $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value'"; - else $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2'"; + elseif($clmnName3=="") $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2'"; + elseif($clmnName4=="") $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2' AND $clmnName3='$value3'"; + else $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2' AND $clmnName3='$value3' AND $clmnName4='$value4'"; $row_count = $conn->query($sql); list($row_num) = $row_count->fetch_row(); diff --git a/index.html b/index.html deleted file mode 100644 index fbf2d0b..0000000 --- a/index.html +++ /dev/null @@ -1 +0,0 @@ - diff --git a/setToken.php b/index.php similarity index 79% rename from setToken.php rename to index.php index ef7d47a..9dfebe7 100644 --- a/setToken.php +++ b/index.php 
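Review bot: Each new branch builds the query by pasting `$clmnName3`/`$value3` and `$clmnName4`/`$value4` into the SQL string, and the only escaping visible in these hunks is `db__antisql($table)`. who.php calls this function with `$mask`, `$fp` and `$ip`, and checkin.php with the `_token` cookie, all of which appear to be client-supplied. If the values are not escaped in the lines between the signature and this hunk (the body of db__rowNum starts and ends outside it), this is SQL injection. Binding the values and allow-listing the column names also removes the need for one branch per arity; the sketch below assumes `$conn` is a mysqli handle, as `query()`/`fetch_row()` suggest.

```php
// … unchanged: db__rowNum signature and $table=db__antisql($table) …
$where  = array();
$types  = '';
$params = array();
$pairs  = array(
    array($clmnName,  $value),
    array($clmnName2, $value2),
    array($clmnName3, $value3),
    array($clmnName4, $value4),
);
foreach ($pairs as $pair) {
    if ($pair[0] == "") break; // same cut-off as the elseif chain
    // column names cannot be bound, so accept plain identifiers only
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $pair[0])) return 0;
    $where[]  = "`" . $pair[0] . "` = ?";
    $types   .= 's';
    $params[] = (string)$pair[1];
}
$sql = "SELECT COUNT(*) FROM $table";
if ($where) $sql .= " WHERE " . implode(" AND ", $where);
$stmt = $conn->prepare($sql);
if ($params) $stmt->bind_param($types, ...$params);
$stmt->execute();
$stmt->bind_result($row_num);
$stmt->fetch();
$stmt->close();
// … unchanged: whatever db__rowNum does with $row_num after this point …
```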
@@ -1,27 +1,44 @@ connect('redis',6379); +$from = $_REQUEST['from']; + -if (isset($_COOKIE["_token"])){ - $redis->del('auth/token/'.$_COOKIE['_token']); +/* deal from */ +if(!isset($from)){ + $from = 'https://ushio.cool/'; +}else{ + try{ + $from = base64_decode($from); + }catch(Exception $e){} } -$token = $_REQUEST['token']; -$from = $_REQUEST['from']; -if(!isset($token)) die(); -if(!isset($from)) die(); -if(strlen($token) < 60 || !$redis->exists('auth/token/'.$token)){ - echo ""; - die(); -} -setcookie("_token", $token, time()+60*60*24*30*6); +/* deal with none local token */ +if (!isset($_COOKIE["_token"])){ + $token = hash('sha256', $from.time()); + setcookie("_token", $token, time()+6*30*24*3600); +}else{ + $token = $_COOKIE['_token']; +} +/* set tmp seed */ +$seed = hash('sha256', time().$from); +$redis->set('auth/seed/'.$seed, $token); +$redis->expire('auth/seed/'.$seed, 30); -echo ''; +echo ''; echo ''; echo 'Ushio Auth
正在检测您的设备安全( • ̀ω•́ )✧
Anti-DDOS..
'; -echo ""; +echo ""; diff --git a/setFip.php b/setFip.php new file mode 100644 index 0000000..df27ccf --- /dev/null +++ b/setFip.php @@ -0,0 +1,48 @@ +16 || !isset($fp) || strlen($fp)!=6) { + header('status: 505 Illegal Params'); + die(); +}; + + +header("Content-Type: application/json;charset=utf-8"); + +$fip = md5($fp.$ip); + + +// bad seed +if(!$redis->exists('auth/seed/'.$seed)){ + echo json_encode(array( + "code"=>400, + "message"=>"Bad Seed!" + )); + die(); +} + + +$token = $redis->get('auth/seed/'.$seed); + +//bad token +if(strlen($token)!=64){ + echo json_encode(array( + "code"=>500, + "message"=>"Bad token!" + )); + die(); +} + + +//good +$redis->set('auth/fip/'.$fip, $token); +$redis->expire('auth/fip/'.$fip, 60); +echo json_encode(array( + "code"=>200 +)); + diff --git a/who.php b/who.php new file mode 100644 index 0000000..531c1c3 --- /dev/null +++ b/who.php 
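Review bot: In index.php, `base64_decode()` never throws, so the `try`/`catch` around it is dead code. In its default non-strict mode it silently discards invalid characters, so `$from` can end up as arbitrary bytes. Nothing after the decode checks that the result is a URL on a host you expect. If `$from` is used as a redirect or link target in the echoed markup (which is not visible on this page), that is an open redirect and possibly an injection point. Consider `$from = base64_decode($from, true);` followed by `if($from === false || !in_array(parse_url($from, PHP_URL_HOST), $allowedHosts, true)) $from = 'https://ushio.cool/';`, with `$allowedHosts` defined by you, and escape `$from` for the context it is echoed into.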
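Review bot: In setFip.php the seed is read with `$redis->get('auth/seed/'.$seed)` but never removed, so for the rest of its 30-second lifetime the same seed can be replayed to bind further `fp`/`ip` pairs to the token. Adding `$redis->del('auth/seed/'.$seed);` right after the `get` makes it single-use. `header('status: 505 Illegal Params');` does not set the response status, and 505 means "HTTP Version Not Supported"; `http_response_code(400);` is the usual form. The assignments of `$seed`, `$fp` and `$ip` are missing from this page. If `$ip` comes from the request rather than `$_SERVER['REMOTE_ADDR']`, the `md5($fp.$ip)` key is fully client-chosen.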
@@ -0,0 +1,86 @@ +16 || !isset($fp) || strlen($fp)!=6) { + header('status: 505 Illegal Params'); + die(); +}; + +/* special php program */ +set_time_limit(0); +ob_end_clean(); +header("Connection: close"); +header("HTTP/1.1 200 OK"); +header("Content-Type: application/json;charset=utf-8"); +header('Access-Control-Allow-Origin:*'); +ob_start(); + + + +$cnn = db__connect(); + +if(db__rowNum($cnn, "mask", "mask", $mask)){ + $token = db__getData($cnn, "mask", "mask", $mask)[0]['token']; + echo json_encode(array( + "code"=> 200 + )); +}else{ + $fip = md5($fp.$ip); + if($redis->exists('auth/fip/'.$fip)){ + $token = $redis->get('auth/fip/'.$fip); + db__pushData($cnn, "mask", array( + "mask"=>$mask, + "token"=>$token, + "created_at"=>date("Y-m-d H:i:s", time()) + ), array( + "mask"=>$mask + )); + echo json_encode(array( + "code"=> 200 + )); + }else{ + echo json_encode(array( + "code"=> 404 + )); + } + die(); +} + + +/* close connection */ +ob_end_flush(); +flush(); +if (function_exists("fastcgi_finish_request")) { + fastcgi_finish_request(); +} +sleep(2); +ignore_user_abort(true); +set_time_limit(0); + +if(db__rowNum($cnn, "fip", "token", $token, "mask", $mask, "fp", $fp, "ip", $ip)){ + db__pushData($cnn, "fip", array( + "updated_at"=>date("Y-m-d H:i:s", time()) + ), array( + "token"=>$token, + "mask"=>$mask, + "fp"=>$fp, + "ip"=>$ip + )); +}else{ + db__pushData($cnn, "fip", array( + "token"=>$token, + "mask"=>$mask, + "fp"=>$fp, + "ip"=>$ip, + "created_at"=>date("Y-m-d H:i:s", time()) + )); +} + +die();
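Review bot: The `auth/fip/` entry is read but never deleted in the `else` branch, so for the rest of its 60-second lifetime (set in setFip.php) every request carrying the same `fp`/`ip` pair and a new `mask` is bound to the same token. Adding `$redis->del('auth/fip/'.$fip);` right after the `get` makes the binding single-use. The same branch calls `db__pushData` with a second `array("mask"=>$mask)` argument, which is the form checkin.php uses for rows that already exist. If that argument is a WHERE clause, the new mask row is never inserted; db__pushData is not on this page, so confirm. `$mask`, `$fp` and `$ip` appear to be request values (their assignments are missing from this page) and go straight into the db__ helpers. `Access-Control-Allow-Origin:*` also lets any origin call this state-changing endpoint.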