diff --git a/Application/Sdk/Controller/BaseController.class.php b/Application/Sdk/Controller/BaseController.class.php
index dd727342..46b5398f 100644
--- a/Application/Sdk/Controller/BaseController.class.php
+++ b/Application/Sdk/Controller/BaseController.class.php
@@ -9,7 +9,7 @@ class BaseController extends RestController{
 'Apple.apple_alipay_pay','Apple.apple_weixin_pay','User.get_alipay_zmxy_return',
 'Apple.apple_platform_pay','Spend.notice','Apple.apple_union_pay','WapPay.wap_shortcut_pay',
 'WapPay.shortcut_pay','WapPay.android_shortcut_pay','WapPay.wap_shortcut_pay','WapPay.wap_shortcut_pay',
- 'Apple.apple_weixin_pay','Ipa365','User.user_login','platform_coin_deduction','test',
+ 'Apple.apple_weixin_pay','Ipa365','User.user_login','platform_coin_deduction','test','get_suspend'
 ];
 // 不需要验证TOKEN的接口
 protected $noNeedToken = [
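Review bot: `'get_suspend'` is added to `$noNeedGame` as a bare action name, and `_initialize` also matches the action alone against this list (`in_array($a, $this->noNeedGame)`), so every controller's `get_suspend` action is exempted from signature verification rather than only the intended one; prefer the qualified form, e.g. `'<Controller>.get_suspend'` with the real controller name substituted. The list already carries duplicates (`'WapPay.wap_shortcut_pay'` three times, `'Apple.apple_weixin_pay'` twice) that could be dropped in the same change. The `in_array` calls that consume this list omit `strict: true`.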
@@ -17,18 +17,20 @@ class BaseController extends RestController{ 'Jpush', 'LoginNotify', 'Notice', 'OA', 'OTP', 'OTPServer', 'Pay', 'Payios', 'PointShop', 'Spend', 'User', 'WapPay', 'Wechat', 'XinJiApi' ]; + // 验证token得到的user H5页面使用 + protected $user; protected function _initialize(){ C(api('Config/lists')); $c = CONTROLLER_NAME; $a = ACTION_NAME; - + $data = json_decode ( base64_decode ( file_get_contents ( "php://input" ) ), true ); + if (!(in_array($c, $this->noNeedGame) || in_array($a, $this->noNeedGame) || in_array($c.".".$a, $this->noNeedGame))) { /* * if( !preg_match("/apple_alipay_pay/",GetCurUrl()) &&!preg_match("/apple_weixin_pay/",GetCurUrl()) &&!preg_match("/get_alipay_zmxy_return/",GetCurUrl()) &&!preg_match("/apple_platform_pay/",GetCurUrl()) &&!preg_match("/notice/",GetCurUrl()) &&!preg_match("/apple_union_pay/",GetCurUrl()) &&!preg_match("/test/",GetCurUrl()) &&!preg_match("/wap_shortcut_pay/",GetCurUrl()) &&!preg_match("/shortcut_pay/",GetCurUrl()) &&!preg_match("/android_shortcut_pay/",GetCurUrl()) &&!preg_match("/wap_shortcut_pay/",GetCurUrl()) &&!preg_match("/apple_weixin_pay/",GetCurUrl()) &&!preg_match("/Ipa365/",GetCurUrl()) &&!preg_match("/user_login/",GetCurUrl()) &&!preg_match("/platform_coin_deduction/",GetCurUrl()) ){ */ - $data = json_decode ( base64_decode ( file_get_contents ( "php://input" ) ), true ); // #判断数据是否为空 if (empty ( $data ) || empty ( $data ['game_id'] )) { echo base64_encode ( json_encode ( array ( @@ -37,6 +39,12 @@ class BaseController extends RestController{ ) ) ); exit (); } + + /* if (!$data['timestamp'] || !$data['nonce']) { + re_msg(10, "参数不足", $data); + } */ + + $md5Sign = $data['md5_sign']; unset($data['md5_sign']); 
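Review bot: The decode of `php://input` is moved in front of the `noNeedGame` guard, but the `empty($data)` rejection stays inside that guard, so on exempt routes a body that is not valid base64/JSON leaves `$data` as `null` (or a scalar) and every later `$data[...]` read in `_initialize` operates on a non-array. Neither `base64_decode` (called in non-strict mode) nor `json_decode` is error-checked. Normalise directly after the decode, e.g. `$data = json_decode(base64_decode(file_get_contents('php://input'), true) ?: '', true); if (!is_array($data)) { $data = []; }`, and keep the existing empty/`game_id` rejection for signed routes. `_initialize` continues past this hunk.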
@@ -51,12 +59,21 @@ class BaseController extends RestController{ if (isset($data['openid'])) // 小程序支付增加参数 unset($data['openid']); + $md5_sign = $this->encrypt_md5($data,$game_data["access_key"]);//mengchuang DZQkkiz!@#9527 if($md5Sign !== $md5_sign){ $this->set_message(0,"fail","验签失败"); } } + + // 验证token 获取登入用户 + if (!(in_array($c, $this->noNeedToken) || in_array($a, $this->noNeedToken) || in_array($c.".".$a, $this->noNeedToken))) { + $this->user = M("user", "tab_")->where(['user_token' => $data['user_token']])->find(); + if (!$this->user) { + + } + } }
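Review bot: The new token check at the end of `_initialize` has an empty `if (!$this->user) { }` body, so a request whose `user_token` is missing or unknown is not rejected — `$this->user` is simply left falsy and the action still runs, which makes the `noNeedToken` allowlist above it ineffective. Mirror the signature branch and stop the request, e.g. `$this->set_message(0, "fail", "token验证失败"); exit();` inside that block (the `exit()` matters unless `set_message` itself terminates, which is not visible here), and guard the lookup with `empty($data['user_token'])` before querying so a `null` token is never looked up. Separately, the trailing comment on the `encrypt_md5` line (`//mengchuang DZQkkiz!@#9527`) reads like a credential value placed next to `access_key`; it should be removed from source and, if it is a live key, rotated. The closing lines of `_initialize` appear to fall beyond the visible part of this hunk.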