diff --git a/setup/includes/bootstrap.php b/setup/includes/bootstrap.php
index 55092c1c..caa28c7b 100644
--- a/setup/includes/bootstrap.php
+++ b/setup/includes/bootstrap.php
@@ -84,6 +84,8 @@
 $app->instance('request', $request);
 $app->singleton('database', App\Services\Database\Database::class);
 $app->singleton('option', App\Services\Repositories\OptionRepository::class);
+$app->singleton('cipher', "App\Services\Cipher\\".config('secure.cipher'));
+$app->singleton('users', App\Services\Repositories\UserRepository::class);
 View::addExtension('tpl', 'blade');
diff --git a/setup/includes/helpers.php b/setup/includes/helpers.php
index 8c4173fc..469a84df 100644
--- a/setup/includes/helpers.php
+++ b/setup/includes/helpers.php
@@ -3,7 +3,7 @@
 * @Author: printempw
 * @Date: 2016-09-14 16:57:37
 * @Last Modified by: printempw
- * @Last Modified time: 2016-09-30 23:18:56
+ * @Last Modified time: 2016-10-23 13:23:24
 */
 function check_table_exists() {
@@ -11,7 +11,7 @@ function check_table_exists() {
 foreach ($tables as $table_name) {
 // prefix will be added automatically
- if (!Database::hasTable($table_name)) {
+ if (!Database::hasTable(config('database.connections.mysql.prefix').$table_name)) {
 return false;
 }
 }
diff --git a/setup/index.php b/setup/index.php
index 9daab4a6..243557f9 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -67,9 +67,13 @@ switch ($step) {
 }
 // register super admin
- $user = new App\Models\User(null, ['email' => $_POST['email']]);
- $user->register($_POST['password'], get_real_ip());
- $user->setPermission('2');
+ $user = App\Models\User::register($_POST['email'], $_POST['password'], function($user) {
+ $user->ip = get_real_ip();
+ $user->score = option('user_initial_score');
+ $user->register_at = Utils::getTimeFormatted();
+ $user->last_sign_at = Utils::getTimeFormatted(time() - 86400);
+ $user->permission = App\Models\User::SUPER_ADMIN;
+ });
 if (!is_dir(BASE_DIR.'/storage/textures/')) {
 if (!mkdir(BASE_DIR.'/storage/textures/'))
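Review bot: In setup/includes/bootstrap.php the `cipher` binding builds its class name directly from `config('secure.cipher')`, so a missing or mistyped value only surfaces when the container first resolves the service, and nothing in the hunk restricts it to a known cipher class. Since this service presumably governs how credentials are hashed, I would validate it at bootstrap, for example with a `class_exists()` check on the assembled name, and stop setup with a clear message when it fails. The double-quoted literal also depends on `\S` and `\C` not being escape sequences; `'App\Services\Cipher\\'.config('secure.cipher')` yields the same string without that dependency.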
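Review bot: In the second hunk of setup/includes/helpers.php, the context comment `// prefix will be added automatically` now contradicts the line beneath it, which prepends the prefix by hand. If `Database::hasTable()` really does not apply the prefix, replace the comment with something like `// hasTable() expects the full table name, so prepend the configured prefix`; if it does, the prefix is now applied twice and the check will always fail. The key `database.connections.mysql.prefix` also hard-codes the connection name, so an installation using a different default connection would be checked against the wrong prefix. The body of `check_table_exists()` starts outside the hunk.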
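Review bot: In setup/index.php the result of `App\Models\User::register(...)` is assigned to `$user` but never checked before the installer moves on to creating the textures directory. If `register()` can return a falsy value (not visible here), setup would complete with no super admin and no error; a guard such as `if (!$user) { /* report the failure and stop */ }` directly after the call would make it fail closed. No validation of `$_POST['email']` or `$_POST['password']` is visible in this hunk either, so confirm it happens earlier in the `switch` case, which begins outside the hunk. A brief comment explaining why `last_sign_at` is set to `time() - 86400` would also help the next reader.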
diff --git a/setup/migrations/index.php b/setup/migrations/index.php
index 766e2424..9907a39f 100644
--- a/setup/migrations/index.php
+++ b/setup/migrations/index.php
@@ -10,19 +10,20 @@ if (!check_table_exists()) {
 redirect_to('../index.php');
 }
+// load session from cookie
 if (isset($_COOKIE['uid']) && isset($_COOKIE['token'])) {
- $_SESSION['uid'] = $_COOKIE['uid'];
+ $_SESSION['uid'] = $_COOKIE['uid'];
 $_SESSION['token'] = $_COOKIE['token'];
 }
 // check permission
 if (isset($_SESSION['uid'])) {
- $user = new App\Models\User($_SESSION['uid']);
+ $user = $app['users']->get($encrypter->decrypt($_COOKIE['uid']));
 if ($_SESSION['token'] != $user->getToken())
 redirect_to('../../auth/login', '无效的 token,请重新登录~');
- if ($user->getPermission() != "2")
+ if ($user->getPermission() != App\Models\User::SUPER_ADMIN)
 abort(403, '此页面仅超级管理员可访问');
 } else {
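Review bot: The new lookup in setup/migrations/index.php decrypts `$_COOKIE['uid']` inside a branch guarded only by `isset($_SESSION['uid'])`, so a request with a session but no cookie passes null to `decrypt()`, and nothing checks that decryption succeeded or that `get()` returned a user before `$user->getToken()` is called. Reading the value that was actually tested and failing closed would be safer: `$user = $app['users']->get($encrypter->decrypt($_SESSION['uid']));` followed by `if (!$user) redirect_to('../../auth/login');`. That assumes the session always holds the encrypted form, which the cookie copy above suggests but the login path (not shown) should confirm. The token check on the following context line uses loose `!=`; `if (!hash_equals((string) $user->getToken(), (string) $_SESSION['token']))` avoids both type juggling and timing differences. `$encrypter` is not defined in the visible lines, and the permission branch continues past the end of the hunk.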