diff --git a/webapp/controller/BattleController.class.php b/webapp/controller/BattleController.class.php
index badfbb73..2189676c 100644
--- a/webapp/controller/BattleController.class.php
+++ b/webapp/controller/BattleController.class.php
@@ -335,6 +335,10 @@ class BattleController extends BaseAuthedController {
             error_log($rawData);
             $sign = strstr($rawData, '|', true);
             $customData = strstr($rawData, '|');
+            if (md5($customData . HALL_KEY) != $sign) {
+                myself()->_rspErr(1, 'sign error');
+                return;
+            }
         }
 
         $data = array(