Okay two points. First u need to learn sesssions very important if u want to create some sort of secure app u will need to a session on each page where u want to track the user and it must be the first command!
Code:
<?php
session_start();
?>
Below will cause errors
<?php
$x ="Bad";
session_start();
?>
Check out
http://www.zend.com/zend/tut/session.php
For the second part to avoid ppl being able to have direct access to secure pages u will need to create a function to checked the user is logged in before the page is displayed.
U could also secure it a little more by include the secure page rather than redirecting to it. Also using some thing this below will at another small layer of security
Code:
<?php
##Login Page
##Good User
define("Allowed", "Yes");
include 'admin.php';
?>
<?php
### admin.php ####
if(!defined('Allowed')){
die("Access Refused");
}
/* If the admin.php page is access directly the constant of "Allowed" will not be defined there for access refused*/
?>