diff --git a/app.py b/app.py
index 37f87f5..d796a19 100644
--- a/app.py
+++ b/app.py
@@ -8,6 +8,7 @@ import ipfshttpclient
 from datetime import date, datetime
 from functools import wraps
 import hashlib
+import random
 import os
 from config  import C
 
@@ -45,7 +46,7 @@ def login_required(f):
     @wraps(f)
     def df(*args, **kwargs):
         username = session.get('username')
-        if not username or (not C.allow_guest_upload and username.startswith('guest(')):
+        if not username or (not C.allow_guest_upload and username.startswith('guest~')):
             return redirect(url_for('login'))
         return f(*args, **kwargs, username=username)
     return df
@@ -61,7 +62,16 @@ def guest_login():
 @app.route('/pastExam/login/guest/verify', methods=['POST'])
 @limiter.limit("10 / hour")
 def guest_login_send():
-    return 'ok'
+    for name, ques, hint, ans in C.verify:
+        if request.form.get(name) != ans:
+            return '错误!', 401
+
+    if 'uid' not in session:
+        session['uid'] = random.randint(0, 100000)
+
+    session['username'] = 'guest~%s' % session['uid']
+    session.permanent = True
+    return {'r':0}
 
 @app.route('/pastExam/')
 @login_required
diff --git a/templates/guest-login.html b/templates/guest-login.html
index 9448637..689a907 100644
--- a/templates/guest-login.html
+++ b/templates/guest-login.html
@@ -28,7 +28,7 @@
 
 <body>
   <div class="container">
-    <form action="verify" method="post">
+    <form action="verify" method="post" onsubmit="sendForm(this);return false">
       {% for v in vs %}
       <div class="form-group row">
         <label for="{{v[0]}}" class="col-sm-8 col-form-label">{{v[1]}}</label>
@@ -41,5 +41,21 @@
     </form>
   </div>
 </body>
+<script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
+<script>
+  function sendForm(f) {
+    $.ajax({
+      type: 'POST',
+      url:  'verify',
+      data: $(f).serialize(),
+      success: () => {
+        top.location.href='../..';
+      },
+      error: (xhr, status, error) => {
+        alert(error + '\n\n' + xhr.responseText);
+      }
+    });
+  }
+</script>
 </html>
 
diff --git a/templates/list.html b/templates/list.html
index 2873aa9..93d038d 100644
--- a/templates/list.html
+++ b/templates/list.html
@@ -165,13 +165,32 @@
     .popover-body ul li {
       margin-bottom: 8px;
     }
+
+    .user-info:not(:hover) .username{
+      display: none;
+    }
   </style>
 </head>
 
 <body>
   <div class="container" style="overflow: hidden">
     <div class="pt-3 pl-3 pb-4 mb-4">
-      <h1>华清大学<br>&nbsp;课程攻略<br>&nbsp;共享计划</h1>
+      <h1>华清大学<br>&nbsp;课程攻略<br>&nbsp;&nbsp;共享计划</h1>
+    </div>
+
+    <div class="fixed-top text-right user-info">
+      <div class="btn-group">
+        <button type="button" class="btn btn-dark rounded-0 username">{{username}}</button>
+    <button type="button" class="btn btn-dark rounded-0 dropdown-toggle dropdown-toggle-split" id="dropdownMenuReference" data-toggle="dropdown" data-reference="parent">
+      <span class="sr-only">Toggle Dropdown</span>
+    </button>
+    <div class="dropdown-menu">
+      <a class="dropdown-item" href="#">我的上传</a>
+      <div class="dropdown-divider"></div>
+      <a class="dropdown-item" href="#">我的下载</a>
+      <a class="dropdown-item" href="#">我的点赞</a>
+    </div>
+  </div>
     </div>
 
     <div class="part1 new">
@@ -299,10 +318,10 @@
         <pre class="ml-3">{{p.notes}}</pre>
         <div class="text-right">
           <small>@{{'匿名用户' if p.anon else p.author}} | {{p.create_date}}</small>
-          <a href="##" class="btn btn-link" id="like-{{p.id}}" onClick="like('{{p.id}}')">
+          <button class="btn btn-link" id="like-{{p.id}}" onclick="like('{{p.id}}')">
             <span>有用({{p.like_num}})</span>
-          </a>
-          <a href="{{p.id}}/download?v={{ipfs_version}}" target="_blank" class="btn btn-link pl-0" id="like-{{p.id}}" onClick="like('{{p.id}}')">
+          </button>
+          <a href="{{p.id}}/download?v={{ipfs_version}}" target="_blank" class="btn btn-link pl-0" id="like-{{p.id}}">
             <span>下载({{p.down_num}})</span>
           </a>
         </div>
@@ -338,7 +357,7 @@
   </div>
 </body>
 
-<script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
+<script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
 <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
 <script src="https://cdn.jsdelivr.net/npm/bs-custom-file-input/dist/bs-custom-file-input.min.js" crossorigin="anonymous"></script>
 
@@ -357,7 +376,7 @@
         $(`#like-${toot} svg`).toggleClass("like liked");
       },
       error: (xhr, status, error) => {
-        alert(error + ': ' + xhr.responseText);
+        alert(error);
       }
     });
   }
@@ -375,7 +394,6 @@
       <li>如有特殊署名或授权需求，请体现在文件名或附带上传LICENSE，请确保授权方式与本平台的运作方式兼容，推荐使用CC-BY-SA许可协议。默认情况下上传内容的版权与上传前一致，属于上传者/原作者/公有领域等。请务必确保上传行为不会侵犯其他人的合法权益。</li>
       </ul>`
     });
-    $("#anon").bootstrapSwitch({onColor: 'danger'});
   })
 
 </script>