diff --git a/webapp/controller/CallbackController.class.php b/webapp/controller/CallbackController.class.php
index 24398075..bf498214 100644
--- a/webapp/controller/CallbackController.class.php
+++ b/webapp/controller/CallbackController.class.php
@@ -37,15 +37,34 @@ class Callback extends BaseController {
         $channel = BC_CHANNEL;
         $accountId = phpcommon\createAccountId($channel, $gameId, $account);
 
-        $gold = 0;
-        $diamond = 0;
-
         $conn = myself()->_getMysql($accontId);
         if (UserWalletRecord::find($conn, $txHash)) {
             myself()->_rspOk();
             return;
         }
 
+        if (!in_array($dir, array(0, 1))){
+            myself()->_rspErr(1, '');
+            return;
+        }
+
+        if (!in_array($type, array(1, 2))){
+            myself()->_rspErr(2, '');
+            return;
+        }
+
+        $gold = 0;
+        $diamond = 0;
+        if ($type == 0) {
+            $gold = $value;
+        } else {
+            $diamond = $value;
+        }
+        if ($dir == 1) {
+            $gold = -$gold;
+            $diamond = -$diamond;
+        }
+
         $userRow = SqlHelper::ormSelect(
             $conn,
             't_user',
@@ -76,10 +95,10 @@ class Callback extends BaseController {
                 ),
                 array(
                     'gold' => function() use($gold) {
-                        return 'gold + ${gold}';
+                        return 'max(0, gold + ${gold})';
                     },
                     'diamond' => function() use($diamond) {
-                        return 'diamond + ${diamond}';
+                        return 'max(0, diamond + ${diamond})';
                     },
                     'modifytime' => myself()->_getNowTime()
                 ),