diff --git a/application/admin/controller/Ajax.php b/application/admin/controller/Ajax.php
index ed8d80e..d7b4d00 100644
--- a/application/admin/controller/Ajax.php
+++ b/application/admin/controller/Ajax.php
@@ -65,10 +65,16 @@ class Ajax extends Backend
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
         $suffix = $suffix ? $suffix : 'file';
 
-        $mimetypeArr = explode(',', $upload['mimetype']);
+        $mimetypeArr = explode(',', strtolower($upload['mimetype']));
         $typeArr = explode('/', $fileInfo['type']);
+
         //验证文件后缀
-        if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)) {
+        if ($upload['mimetype'] !== '*' &&
+            (
+                !in_array($suffix, $mimetypeArr)
+                || (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)))
+            )
+        ) {
             $this->error(__('Uploaded file format is limited'));
         }
         $replaceArr = [
diff --git a/application/api/controller/Common.php b/application/api/controller/Common.php
index 5df8329..4b87f5f 100644
--- a/application/api/controller/Common.php
+++ b/application/api/controller/Common.php
@@ -75,11 +75,16 @@ class Common extends Api
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
         $suffix = $suffix ? $suffix : 'file';
 
-        $mimetypeArr = explode(',', $upload['mimetype']);
+        $mimetypeArr = explode(',', strtolower($upload['mimetype']));
         $typeArr = explode('/', $fileInfo['type']);
+
         //验证文件后缀
-        if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr))
-        {
+        if ($upload['mimetype'] !== '*' &&
+            (
+                !in_array($suffix, $mimetypeArr)
+                || (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)))
+            )
+        ) {
             $this->error(__('Uploaded file format is limited'));
         }
         $replaceArr = [
diff --git a/application/common/library/Auth.php b/application/common/library/Auth.php
index b2b8487..382ea97 100644
--- a/application/common/library/Auth.php
+++ b/application/common/library/Auth.php
@@ -416,7 +416,7 @@ class Auth
         $data = $this->_user->toArray();
         $allowFields = $this->getAllowFields();
         $userinfo = array_intersect_key($data, array_flip($allowFields));
-        $userinfo['token'] = $this->getToken();
+        $userinfo = array_merge($userinfo, Token::get($this->_token));
         return $userinfo;
     }
 
diff --git a/application/common/library/token/driver/Mysql.php b/application/common/library/token/driver/Mysql.php
index c61fcd6..24f0827 100644
--- a/application/common/library/token/driver/Mysql.php
+++ b/application/common/library/token/driver/Mysql.php
@@ -47,7 +47,7 @@ class Mysql extends Driver
      */
     public function set($token, $user_id, $expire = null)
     {
-        $expiretime = !is_null($expire) ? time() + $expire : ($expire === 0 ? 0 : time() + $this->options['expire']);
+        $expiretime = !is_null($expire) && $expire !== 0 ? time() + $expire : 0;
         $token = $this->getEncryptedToken($token);
         $this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]);
         return TRUE;
@@ -66,7 +66,7 @@ class Mysql extends Driver
                 //返回未加密的token给客户端使用
                 $data['token'] = $token;
                 //返回剩余有效时间
-                $data['expired_in'] = $this->getExpiredIn($data['expiretime']);
+                $data['expires_in'] = $this->getExpiredIn($data['expiretime']);
                 return $data;
             } else {
                 self::delete($token);
diff --git a/application/config.php b/application/config.php
index 375c9e2..6c656f9 100755
--- a/application/config.php
+++ b/application/config.php
@@ -260,7 +260,7 @@ return [
         //是否开启前台会员中心
         'usercenter'          => true,
         //登录验证码
-        'login_captcha'       => true,
+        'login_captcha'       => false,
         //登录失败超过10则1天后重试
         'login_failure_retry' => true,
         //是否同一账号同一时间只能在一个地方登录
@@ -270,7 +270,7 @@ return [
         //自动检测更新
         'checkupdate'         => false,
         //版本号
-        'version'             => '1.0.0.20180406_beta',
+        'version'             => '1.0.0.20180417_beta',
         //API接口地址
         'api_url'             => 'https://api.fastadmin.net',
     ],
diff --git a/application/extra/upload.php b/application/extra/upload.php
index e04fd0c..5bfa25d 100644
--- a/application/extra/upload.php
+++ b/application/extra/upload.php
@@ -21,7 +21,7 @@ return [
     /**
      * 可上传的文件类型
      */
-    'mimetype'  => '*',
+    'mimetype'  => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx',
     /**
      * 是否支持批量上传
      */
diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js
index fb550ff..5105119 100644
--- a/public/assets/js/require-backend.min.js
+++ b/public/assets/js/require-backend.min.js
@@ -9701,7 +9701,7 @@ define('table',['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstr
                     return html;
                 },
                 url: function (value, row, index) {
-                    return '<div class="input-group input-group-sm" style="width:250px;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
+                    return '<div class="input-group input-group-sm" style="width:250px;margin:0 auto;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
                 },
                 search: function (value, row, index) {
                     return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>';
diff --git a/public/assets/js/require-table.js b/public/assets/js/require-table.js
index eb5013e..2c685c5 100644
--- a/public/assets/js/require-table.js
+++ b/public/assets/js/require-table.js
@@ -397,7 +397,7 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table
                     return html;
                 },
                 url: function (value, row, index) {
-                    return '<div class="input-group input-group-sm" style="width:250px;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
+                    return '<div class="input-group input-group-sm" style="width:250px;margin:0 auto;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
                 },
                 search: function (value, row, index) {
                     return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>';