diff --git a/control/index.php b/control/index.php
index 804d8a1..80b5da0 100644
--- a/control/index.php
+++ b/control/index.php
@@ -217,6 +217,9 @@ class index extends publicBase {
         if (empty($uid) || empty($token)) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
 
         $obj = new mUser();
+        $is_login = $obj->validateToken($uid, $token);
+        if (!$is_login) $this->ajax_json(false, '请登录后操作');
+
         $uinfo = $obj->getUserByUid($uid);
         if (empty($uinfo)) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));