diff --git a/webapp/controller/PayController.class.php b/webapp/controller/PayController.class.php
index 83b5b72..c3afc70 100644
--- a/webapp/controller/PayController.class.php
+++ b/webapp/controller/PayController.class.php
@@ -4,8 +4,10 @@ class PayController {
 
     const SCAN_PAY_API_URL = 'https://gwapi.yemadai.com/pay/aggregatePay';
     const PRI_KEY = 'MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALaDZP3ysvKxkBLWlW/aAT/YM5/34uQcj2gQVV4q9Vkoscw3MSlmRcr4hckwenGUw0tK2LC4vEume8JBCm0ZsWiGoOwcAJp16Zzr+35hUXYVfgXoYiAG5o8N0nBIYCWO1Tk/e+wJsmkY9eHpA3Iq94EAkogttd6bqk+X4nTUIxfJAgMBAAECgYB3pECC3CMERvOr9bC2RtGE2aRV2/iHElXLoNFlToHQ9YU/2npGqj1cJXgF/9p0NFGlPKY5ipAcg0EjgOFlzW7me9C/wC7x704+WMsqZu7POvOXTlFDRVHYpd6iQqLubjToSMPeIEreSBQYjU8giiVxEZ+7mcFpBShFcXSTJWInBQJBANw5/euICWKnqtmN/PXzdKVC+Y4A2TsYgxWCQaCrjO7YytqCCoaZSJn0+rnTchI0VB2YP0nBxlz+8Jp7DkPjpMsCQQDUKR2Olmh7VB9OQ49KhsgGoNMZvZB69borAPtY8I3eSkyS3t6xTa5S9AEXV4hW1553/KewBAYvnAwS0Gkevbc7AkAzlaXjoLbKFAoR8Y9aMQ+WkkyQNaSskf5KcHtc3jIh1EgXzLQYeRknbtm3405p8zXsxLe2WBxVtiW3mbFqt4znAkEAoeLJmd5s1QYoaRimAtD7WgtnaPG7iAduSZgTMhdDuUVqTnte412J0eQ73Oq+rr0SPy37ahR3/+YLVGPQglNytwJAAcbSZ0EhcRaJUMcrrs2HQoMmQ53Gs5qJsVE5VWUh25Ryqjjo6y7kVYVVaYU1xhguMs7309Y4F4VFiPLZeLIpcw==';
-    const PUB_KEY = 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVd+f/YkGDi8s9AKhZvmHCxZ2+sPKIsr+JVS2Uj4pP6qApuNq5lEwtF4c6LzHJbUUxKge/OttiR7pR481tqW3PgeSYjyU6rayx0rSEo8/xqVHnh4XugbJREUVyq/Evp79f0BePO69zC0AdYZSjXOAVG8uduRzHl4RWb7BiDLBL3QIDAQAB';
+
     const MER_NO = '49118';
+    const SUB_APPID = 'wx7d6509053659d9ed';
+    const COMPANY_NO = 'sweep-f4fea613fec043f8bd81e9b70375e364';
 
     protected function getMysql($accountid)
     {
@@ -47,18 +49,22 @@ class PayController {
 
     public function aggregatePay()
     {
-        /*
-        if (!phpcommon\isValidSessionId(
-            $_REQUET['account_id'],
-            $_REQUET['session_id']
-        )) {
-            echo json_encode(array(
-                'errcode' => 100,
-                'errmsg' => 'session无效',
-            ));
-            die();
+        if (SERVER_ENV == _ONLINE) {
+            if (!phpcommon\isValidSessionId(
+                $_REQUET['account_id'],
+                $_REQUET['session_id']
+            )) {
+                echo json_encode(array(
+                    'errcode' => 100,
+                    'errmsg' => 'session无效',
+                ));
+                die();
+            }
+        }
+        $openid = 'ouPbc4gvHQ_eRRtPKb6BhHGpheB8';
+        if (isset($_REQUEST['account_id'])) {
+            $openid = phpcommon\extraceOpenId($_REQUEST['account_id']);
         }
-        */
         $orderid = $this->getOrderId();
         if (empty($orderid)) {
             die();
@@ -77,12 +83,12 @@ class PayController {
             'Amount' => '0.01',
             'Subject' => '1',
             'Desc' => '1',
-            'CompanyNo' => 'sweep-f4fea613fec043f8bd81e9b70375e364',
+            'CompanyNo' => self::COMPANY_NO,
             'RandomStr' => $orderid,
             'SignInfo' => '',
             'AdviceUrl' => htmlentities($advice_url),
-            'SubAppid' => 'wx7d6509053659d9ed',
-            'UserId' => 'ouPbc4gvHQ_eRRtPKb6BhHGpheB8'
+            'SubAppid' => self::SUB_APPID,
+            'UserId' => $openid
         );
         $params['SignInfo'] = $this->_reaEncode(
             'AdviceUrl=' . $advice_url . '&' .