diff --git a/composer.json b/composer.json index f159ad4..0906ed5 100644 --- a/composer.json +++ b/composer.json @@ -2,6 +2,7 @@ "name": "d3/totp", "description": "Two-factor authentication for OXID eSales shop", "type": "oxideshop-module", + "version": "0.1", "keywords": [ "oxid", "modules", diff --git a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php index a93a8ff..d65da5f 100644 --- a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php +++ b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php 
@@ -15,11 +15,55 @@ namespace D3\Totp\Modules\Application\Controller\Admin; +use D3\Totp\Application\Model\d3totp; +use Doctrine\DBAL\DBALException; +use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; +use OxidEsales\Eshop\Core\Registry; + class d3_totp_LoginController extends d3_totp_LoginController_parent { + /** + * @return string + * @throws DBALException + * @throws DatabaseConnectionException + */ public function render() { - // check for username / password or totp auth - return parent::render(); + $auth = Registry::getSession()->getVariable("auth"); + + $return = parent::render(); + + if ($auth + && oxNew(d3totp::class)->UserUseTotp($auth) + && false == Registry::getSession()->getVariable("totp_auth") + ) { + // set auth as secured parameter; + $return = 'd3login_totp.tpl'; + } + + return $return; + } + + /** + * @return mixed|string + * @throws DBALException + * @throws DatabaseConnectionException + */ + public function checklogin() + { + $return = parent::checklogin(); + + if ($return == "admin_start") { + if ((bool) $this->getSession()->checkSessionChallenge() + && count(\OxidEsales\Eshop\Core\Registry::getUtilsServer()->getOxCookie()) + && Registry::getSession()->getVariable("auth") + && oxNew(d3totp::class)->UserUseTotp(Registry::getSession()->getVariable("auth")) + && false == Registry::getSession()->getVariable("totp_auth") + ) { + $return = "login"; + } + } + + return $return; } } \ No newline at end of file diff --git a/src/Modules/Core/d3_totp_utils.php b/src/Modules/Core/d3_totp_utils.php index 8960e4d..23f4dca 100644 --- a/src/Modules/Core/d3_totp_utils.php +++ b/src/Modules/Core/d3_totp_utils.php 
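Review bot: In `checklogin()` the TOTP gate fails open: the downgrade to `"login"` only happens when `checkSessionChallenge()` and the `count(...getOxCookie())` test are both truthy, so if either is falsy the method still returns `"admin_start"` for a TOTP-enrolled user who has not presented a code. The second-factor decision should depend only on enrolment and the `totp_auth` flag, e.g. `$auth = Registry::getSession()->getVariable("auth");` followed by `if ($auth && oxNew(d3totp::class)->UserUseTotp($auth) && !Registry::getSession()->getVariable("totp_auth")) { $return = "login"; }`. By the time `parent::checklogin()` returns `"admin_start"`, `auth` is presumably already stored in the session, so returning `"login"` changes only the next view and does not revoke the password-only session. Nothing in this hunk sets or clears `totp_auth`, so every other admin entry point has to check that flag itself. The loose `false ==` comparison here also differs from the `(bool)` cast plus `===` used in `d3_totp_utils.php`, and the two should be aligned.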
@@ -32,12 +32,13 @@ class d3_totp_utils extends d3_totp_utils_parent $blAuth = parent::checkAccessRights(); $userID = Registry::getSession()->getVariable("auth"); + $totpAuth = (bool) Registry::getSession()->getVariable("totp_auth"); /** @var d3totp $totp */ $totp = oxNew(d3totp::class); - // und kein auth - if ($blAuth && $totp->UserUseTotp($userID)) { -echo __CLASS__." - ".__FUNCTION__." - ".__LINE__."
"; + if (1 == 0 && $blAuth && $totp->UserUseTotp($userID) && false === $totpAuth) { + Registry::getUtils()->redirect('index.php?cl=login', true, 302); + exit; } return $blAuth;
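Review bot: The `1 == 0 &&` at the start of the new condition makes the branch unreachable, so this method never redirects a TOTP-enrolled user whose session lacks `totp_auth`, and it is the only per-request enforcement point visible in the diff. With it disabled, a session that has passed only the password step appears to keep normal admin access once `auth` is set. If the guard is parked on purpose (possibly because redirecting to `cl=login` from the access check would loop, which is an assumption since the login controller's own access path is not shown), document that with a comment such as `// TODO: TOTP enforcement disabled until the cl=login redirect loop is resolved` and do not tag a version in this state. Otherwise the condition should read `if ($blAuth && $totp->UserUseTotp($userID) && false === $totpAuth) {`, with the login controller exempted from the redirect. The enclosing method starts outside the hunk.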