diff --git a/app/Http/Admin/Controllers/Controller.php b/app/Http/Admin/Controllers/Controller.php index 058bfa77..25899d50 100644 --- a/app/Http/Admin/Controllers/Controller.php +++ b/app/Http/Admin/Controllers/Controller.php @@ -21,6 +21,17 @@ class Controller extends \Phalcon\Mvc\Controller public function beforeExecuteRoute(Dispatcher $dispatcher) { + /** + * demo分支拒绝数据提交 + */ + if ($this->isNotSafeRequest()) { + $dispatcher->forward([ + 'controller' => 'public', + 'action' => 'forbidden', + ]); + return false; + } + if ($this->isNotSafeRequest()) { $this->checkHttpReferer(); $this->checkCsrfToken(); diff --git a/app/Http/Admin/Services/Setting.php b/app/Http/Admin/Services/Setting.php index 3d2130fd..d6d46164 100644 --- a/app/Http/Admin/Services/Setting.php +++ b/app/Http/Admin/Services/Setting.php @@ -87,8 +87,16 @@ class Setting extends Service $result = []; + /** + * demo分支过滤敏感数据 + */ if ($items->count() > 0) { foreach ($items as $item) { + $case1 = preg_match('/(id|auth|key|secret|password|pwd)$/', $item->item_key); + $case2 = $this->dispatcher->getControllerName() == 'setting'; + if ($case1 && $case2) { + $item->item_value = '***'; + } $result[$item->item_key] = $item->item_value; } } diff --git a/app/Http/Admin/Views/templates/main.volt b/app/Http/Admin/Views/templates/main.volt index 6b70ff60..8803b2a0 100644 --- a/app/Http/Admin/Views/templates/main.volt +++ b/app/Http/Admin/Views/templates/main.volt @@ -23,5 +23,11 @@ {% block include_js %}{% endblock %} {% block inline_js %}{% endblock %} +{% set site = setting('site') %} + +{% if site['analytics_enabled'] == 1 %} + {{ site['analytics_script'] }} +{% endif %} + \ No newline at end of file diff --git a/app/Http/Home/Controllers/ConnectController.php b/app/Http/Home/Controllers/ConnectController.php index 10c11e4c..708e3e81 100644 --- a/app/Http/Home/Controllers/ConnectController.php +++ b/app/Http/Home/Controllers/ConnectController.php 
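Review bot: The new guard forwards every non-safe request to `public/forbidden` and returns false, but the forwarded dispatch fires beforeExecuteRoute again; if PublicController inherits this method, `isNotSafeRequest()` is still true for the same request and it forwards itself until the dispatcher's cyclic-routing limit throws instead of rendering the forbidden page. Skip the guard on a forwarded dispatch, e.g. `if ($this->isNotSafeRequest() && !$dispatcher->wasForwarded()) {`. With the early return in place the existing `checkHttpReferer()` / `checkCsrfToken()` block below it can never run on this branch, which is presumably intended but deserves saying, and the doc comment should be in English so the next reader understands why a POST never reaches CSRF validation: `/** Demo branch: refuse every state-changing request up front, so the referer/CSRF checks below never run. */`. beforeExecuteRoute continues past the end of the hunk.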
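Review bot: The redaction only applies when `$this->dispatcher->getControllerName()` is `setting`, so the same loop returns the real `item_value` of keys ending in id/auth/key/secret/password/pwd to every other caller of this service; any other route or view helper that echoes these items (none is visible in this hunk) would expose exactly what `$case2` is meant to hide. Tie the mask to the data rather than the route by dropping `$case2`, or if only the settings form needs the masked copy, mask in that controller instead; either way make the pattern case-insensitive and include tokens: `$case1 = preg_match('/(id|auth|key|secret|token|password|pwd)$/i', $item->item_key);`. Reading the dispatcher from inside a Service also couples this method to an MVC request, which would break if it is ever called from a CLI task. The comment should be English, e.g. `// Demo branch: never hand real secrets to the settings page.`, and the enclosing method starts before and ends after the hunk.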
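Review bot: `{{ site['analytics_script'] }}` writes an admin-supplied setting straight into the body of every admin page, and whether Volt emits it raw or HTML-escaped depends on the project's autoescape option, which this hunk does not show: if escaping is on the snippet never executes, if it is off the setting is a stored-XSS sink for anyone who can edit it. Make the intent explicit with a comment such as `{# analytics_script is trusted admin-supplied HTML/JS emitted verbatim on every page; whoever can edit this setting can run script here #}`. The condition also reads `site['analytics_enabled']` without checking that the key exists, so an installation that has not saved that setting yet would raise an undefined-index notice on every page; guard it with `{% if site['analytics_enabled'] is defined and site['analytics_enabled'] == 1 %}`.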
@@ -117,11 +117,13 @@ class ConnectController extends Controller $openUser = $service->getOpenUserInfo($code, $state, $provider); $connect = $service->getConnectRelation($openUser['id'], $openUser['provider']); - if ($connect) { - if ($this->authUser->id > 0) { + if ($this->authUser->id > 0) { + if ($openUser) { $service->bindUser($openUser); return $this->response->redirect(['for' => 'home.uc.account']); - } else { + } + } else { + if ($connect && $connect->deleted == 0) { $service->authLogin($connect); return $this->response->redirect(['for' => 'home.index']); } diff --git a/app/Services/OAuth/QQ.php b/app/Services/OAuth/QQ.php index 2c59f144..4e2ba114 100644 --- a/app/Services/OAuth/QQ.php +++ b/app/Services/OAuth/QQ.php @@ -36,7 +36,7 @@ class QQ extends OAuth 'grant_type' => 'authorization_code', ]; - $response = $this->httpPost(self::ACCESS_TOKEN_URL, $params); + $response = $this->httpGet(self::ACCESS_TOKEN_URL, $params); $this->accessToken = $this->parseAccessToken($response);
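Review bot: The new `if ($openUser)` guard comes one line too late: `$openUser['id']` and `$openUser['provider']` are already read in the `getConnectRelation()` call above it, so an empty or false result from getOpenUserInfo fails there instead of being skipped by the new branch; move the check before that call and bail out the way the rest of the method (outside the hunk) handles a missing user. The logged-in branch also no longer consults `$connect`, so a provider identity that is already bound to another account (a live relation with `deleted == 0`) is handed to `bindUser()` regardless; unless bindUser itself rejects or re-assigns such a relation, which is not visible here, add a check that `$connect` is absent, soft-deleted, or already owned by `$this->authUser` before binding, so one provider identity cannot end up attached to two accounts. `$connect->deleted == 0` should be a strict comparison against whatever type the model declares. The method starts and ends outside the hunk.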