thanks MGatner,
I create a filter...
class AuthFilter implements FilterInterface
{
public function before(RequestInterface $request)
{
$session = session();
$auth_user = (object)$session->get('auth_user');
if(property_exists($auth_user, 'token') && property_exists($auth_user, 'usuari_id'))
{
$sessionUsuarisModel = new SessionUsuarisModel();
$user_session = $sessionUsuarisModel->where('token', $auth_user->token)->first();
if($auth_user->token <> $user_session->token || $auth_user->usuari_id <> $user_session->usuari_id)
{
return redirect()->to('/admin/login');
}
}
else
{
return redirect()->to('/admin/login');
}
}
//--------------------------------------------------------------------
public function after(RequestInterface $request, ResponseInterface $response)
{
// Do something here
}
}
And declare in config/filter
// Always applied before every request
public $globals = [
'before' => [
//'honeypot'
// 'csrf',
'authfilter' => ['except' => ['page/*', 'admin/login', 'admin/logout', 'admin/check-login']]
],
'after' => [
'toolbar',
//'honeypot'
],
];
it's oky!!
and a better than a helper declare in __construct(), because only declare one time!
thnaks