diff --git a/app.py b/app.py
index 3027399..90077d4 100644
--- a/app.py
+++ b/app.py
@@ -54,17 +54,28 @@ def inbox():
             'time': c.time.replace(tzinfo=tzlocal())
             } for c in Candidate.query.all()
         ]
+    
+    vs = [{
+        'name': name,
+        'ques': ques,
+        'hint': hint
+        } for name, ques, hint, ans in C.verify
+        ]
 
-    return render_template('inbox.html', cans=cans)
+    return render_template('inbox.html', cans=cans, vs=vs)
 
 @app.route('/ordinary/new', methods=['POST'])
 @limiter.limit("5 / hour; 1 / 2 second")
 def new_one():
 
     content = request.form.get('text')
-    print(content)
-    if not content or len(content)>400:
-        abort(422)
+    url = request.form.get('url')
+
+    for name, ques, hint, ans in C.verify:
+        if request.form.get(name) != ans: abort(401)
+
+    if not content or len(content)>400: abort(422)
+    if url and not re.match('https://closed\.social/safeShare/\d([a-zA-Z]+)?', url): abort(422)
 
     if not Candidate.query.filter_by(content=content).first():
         
@@ -73,7 +84,7 @@ def new_one():
                 visibility='unlisted' 
                 )
 
-        c = Candidate(content=content, toot=toot.id, time = datetime.now())
+        c = Candidate(content=content, url=url, toot=toot.id, time = datetime.now())
         db.session.add(c)
         db.session.commit()
 
@@ -100,7 +111,6 @@ def get_replies(toot):
             lambda r: r['content'] == '删除' and r['url'].split('/@')[1] in C.admins,
             replies
             ))
-    print(d)
     if d:
         db.session.delete(c)
         db.session.commit()
diff --git a/config.sample.py b/config.sample.py
index d455be4..4941501 100644
--- a/config.sample.py
+++ b/config.sample.py
@@ -6,3 +6,7 @@ class C(object):
     bot_name = '@ordinary_bot'
     token = 'token'
     admins = []
+    verify = [
+                ('test1', '1+1=?', '2', '2'),
+                ('test2', '2+2=?', '5', '4')
+            ]
diff --git a/templates/inbox.html b/templates/inbox.html
index 0ad17b2..0478c30 100644
--- a/templates/inbox.html
+++ b/templates/inbox.html
@@ -3,24 +3,24 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
-	<meta property="og:title" content="华清特将报名" />
+	<meta property="og:title" content="华清特奖报名" />
 	<meta property="og:description" content="华清大学特普通奖学金" />
 	<link href="https://cdn.bootcss.com/twitter-bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet">
 	<script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
 	<script src="https://cdn.bootcss.com/twitter-bootstrap/4.3.1/js/bootstrap.min.js"></script>
   <script src="https://cdn.bootcdn.net/ajax/libs/jquery-timeago/1.6.7/jquery.timeago.min.js"></script>
   <script src="https://cdn.bootcdn.net/ajax/libs/jquery-timeago/1.6.7/locales/jquery.timeago.zh-CN.js"></script>
-  <title>华清特将报名</title>
+  <title>华清特奖报名</title>
   <style>
-.qbox {
-  background:#e8e8e8;
-  padding:5px;
-  color:black;
-  box-shadow: 2px 2px 10px 2px rgb(219 219 220);
-  border-radius: .5rem;
-  margin: 25px 0;
-}
-      pre {
+      .qbox {
+        background:#e8e8e8;
+        padding:5px;
+        color:black;
+        box-shadow: 2px 2px 10px 2px rgb(219 219 220);
+        border-radius: .5rem;
+        margin: 25px 0;
+      }
+      .qbox .inner {
         margin: 15px 0 0 15px;
         white-space: pre-wrap;
       }
@@ -39,27 +39,54 @@
 <body style="background-color: #001a37;color:#e8e8e8">
 	
 	<div style="max-width:700px;" class="container">
-			<div style="background-color:rgba(230,230,250,0.5);margin-bottom:80px">
+			<div style="background-color:rgba(230,230,250,0.5);margin-bottom:40px">
 
 				<div align='center' style='background-color:rgba(180,180,250,0.5);padding:10px;color:#ffffff;'>
           <h1 align='center'>华清大学<br/>特普通奖学金</h1>
 				</div>
 			</div>
-			
-			<form action="new" method="post">
-			    <div class="form-group qbox">
-                    <label>自荐提名</label>
-                    <textarea class="form-control"  name="text" rows="5" maxlength="400" placeholder="简单介绍一下自己，禁止内卷，限400字" required="required"></textarea>
-                    <button type="submit" class="btn btn-primary">报名！</button>
-                </div>
-            </form>
-            
+
+      <form action="new" method="post">
+        <div class="form-group qbox">
+          <label>自荐提名</label>
+          <textarea class="form-control"  name="text" rows="5" maxlength="400" placeholder="简单介绍一下普通的自己，禁止内卷，限400字" required="required"></textarea>
+          <div class="form-group row">
+            <label for="url" class="col-sm-3 col-form-label">补充材料(可选)</label>
+            <div class="col-sm-9">
+              <input type="url" class="form-control" id="url" name="url" placeholder="链接，如：https://closed.social/safeShare/1xxxxxx" pattern="https://closed\.social/safeShare/\d([a-zA-Z]+)?">
+            </div>
+          </div>
+          {% for v in vs %}
+          <div class="form-group row">
+            <label for="{{v.name}}" class="col-sm-4 col-form-label">{{v.ques}}</label>
+            <div class="col-sm-8">
+              <input type="text" class="form-control" id="{{v.name}}" name="{{v.name}}" placeholder="{{v.hint}}">
+            </div>
+          </div>
+          {% endfor %}
+          <button type="submit" class="btn btn-primary">报名！</button>
+        </div>
+      </form>
+
+      <div style="font-size:80%">
+        <p>提示：</p>
+        <ol>
+          <li>初选报名不需要登陆任何帐号，你可以留下联系方式或可验证身份的信息（如公钥/数字签名），也可以不留。</li>
+          <li>如果需要附上补充材料，请使用清华云盘。为了避免泄露姓名请使用<a href="/safeShare" target="_blank">safeShare</a>，我们不接受其他云盘。</li>
+          <li>下方的评论来自闭社用户。如需删除自己发布的介绍请让任意一位工作人员评论“删除”。</li>
+          <li>需要回答几个简单的问题以初步验证清华身份。入围后需要用清华邮箱注册闭社以正式验证清华身份。</li>
+          <li>建议在电脑上操作以免丢失未保存的内容。如果出错(例如验证问题答错了)，请回退，多数浏览器都会恢复之前填写的内容。</li>
+        </ol>
+      </div>
             <hr/>
             <h3>已有的报名</h3>
             
-            {% for c in cans|reverse %}
+            {% for c in cans %}
             <div class="qbox">
-                <pre>{{c.content}}</pre>
+                <pre class="inner">{{c.content}}</pre>
+                {% if c.url %}
+                <p class="inner"><a href="{{c.url}}" target="_black">补充材料</a></p>
+                {% endif %}
                 <div style="text-align:right">
                     <time class="timeago" datetime="{{c.time}}"></time>
                     <a class="btn btn-link request-answer" data-toggle="collapse" href="#collapse-{{c.toot}}" role="button" aria-expanded="false" aria-controls="collapse-{{c.toot}}">
