diff --git a/webapp/controller/ShopController.class.php b/webapp/controller/ShopController.class.php
index 54ff9a3d..7c717980 100644
--- a/webapp/controller/ShopController.class.php
+++ b/webapp/controller/ShopController.class.php
@@ -365,6 +365,7 @@ class ShopController extends BaseAuthedController
         $id = $order['id'];
         $goods_num = $order['goods_num'];
         $o_status = $order['status'];
+        $address = $order['address'];
 
         if ($o_status != 0) {
             $this->_rspErr(1, "order status error, status: {$o_status}");
@@ -375,6 +376,8 @@ class ShopController extends BaseAuthedController
         switch ($status) {
             case "9":
                 $buyStatus = 1;
+                // 充值成功，开始首充奖励
+                $this->beginFirstTupop($address);
                 break;
             case "99":
             case "98":
@@ -398,7 +401,7 @@ class ShopController extends BaseAuthedController
         $meta = mt\Item::get($item_id);
         error_log("buyGoodsDirect---" . $item_id . "---" . $item_num . "---" . $bundle_size . "---" . $meta['name']);
         if ($meta && $item_num > 0) {
-            $address = $order['address'];
+            // $address = $order['address'];
             $account_id = $this->getAccountId($address);
 
             if ($item_id == V_ITEM_DIAMOND) {
@@ -844,10 +847,10 @@ class ShopController extends BaseAuthedController
     public function buyGoodsNormal()
     {
         $address = $this->_getAddress();
-        // if (empty($address)) {
-        //     $this->_rspErr(4, 'address is empty');
-        //     return;
-        // }
+        if (empty($address)) {
+            $this->_rspErr(4, 'address is empty');
+            return;
+        }
         $id = getReqVal('id', 0);
         $token_type = getReqVal('token_type', '');
         $goods_num = getReqVal('goods_num', 0);
@@ -1132,6 +1135,15 @@ class ShopController extends BaseAuthedController
     public function buyDiamond()
     {
         $num = getReqVal('num', 0);
+        if (!is_numeric($num)) {
+            $this->_rspErr(1, "num is invalid, {$num}");
+            return;
+        }
+        if ($num <= 0) {
+            $this->_rspErr(1, "num is invalid, {$num}");
+            return;
+        }
+
         $price = $this->normalizeWeb3Price($num);
         $item_id = V_ITEM_DIAMOND;
         $item_count = $num;
@@ -1170,14 +1182,23 @@ class ShopController extends BaseAuthedController
     public function buyGoodsDS()
     {
         $idx = getReqVal('idx', 0);
-        $grid = getReqVal('grid', 0);
-        $count = getReqVal('count', 0);
+        if ($idx <= 0) {
+            $this->_rspErr(2, 'idx is invalid');
+            return;
+        }
 
+        $grid = getReqVal('grid', 0);
         if ($grid < 1 || $grid > 6) {
             $this->_rspErr(2, 'grid is invalid');
             return;
         }
 
+        $count = getReqVal('count', 0);
+        if ($count<=0) {
+            $this->_rspErr(2, 'count is invalid');
+            return;
+        }
+
         $conn = $this->_getMysql('');
 
         $row = SqlHelper::selectOne(
@@ -1647,12 +1668,6 @@ class ShopController extends BaseAuthedController
                     if ($this->_isVirtualItem($itemMeta['id'])) {
                         $this->_addVirtualItem($itemMeta['id'], $count, null, $propertyChgService);
                         $propertyChgService->addUserChg();
-                        // 充值就尝试开启首充活动
-                        if ($sysAdd != 1) {
-                            if ($itemMeta['id'] == 10001) {
-                                $this->beginFirstTupop();
-                            }
-                        }
                     } else {
                         Bag::addItem($itemMeta['id'], $count);
                         $propertyChgService->addBagChg();
@@ -1702,15 +1717,18 @@ class ShopController extends BaseAuthedController
         return true;
     }
 
-    private function beginFirstTupop()
+    private function beginFirstTupop($address = null)
     {
+        if (!$address) {
+            $address = myself()->_getAddress();
+        }
         $conn = myself()->_getMysql('');
 
         $exist = SqlHelper::selectOne(
             $conn,
             't_first_topup',
             array('address'),
-            array('address' => myself()->_getAddress())
+            array('address' => $address)
         );
         if ($exist) {
             return;
@@ -1721,7 +1739,7 @@ class ShopController extends BaseAuthedController
             $conn,
             't_first_topup',
             array(
-                'address' => myself()->_getAddress(),
+                'address' => $address,
                 'createtime' => myself()->_getNowTime(),
                 'status1' => 0,
                 'status2' => 0,
@@ -1848,10 +1866,10 @@ class ShopController extends BaseAuthedController
                 }
                 $propertyChgService = new services\PropertyChgService();
                 if ($item['item_type'] == 2) {
-                    $this->internalAddItem($propertyChgService, $itemMeta, $item['num'], 1, $grade);
+                    $this->internalAddItem($propertyChgService, $itemMeta, $item['num'], 0, $grade);
                 } else {
                     for ($j = 0; $j < $item['num']; $j++) {
-                        $this->internalAddItem($propertyChgService, $itemMeta, 1, 1, $grade);
+                        $this->internalAddItem($propertyChgService, $itemMeta, 1, 0, $grade);
                     }
                 }
                 $record[$key] = array("item_id" => $item['item_id'], "item_num" => $item['num']);