pkimran wrote:i enter user name and password in login.html and directed to index.php all is working well. but the problem is the index file can also be access when write its path (localhost/index.php) in browser.
i want to restrict every user to access index.php directly.
This is impossible, there is technically no difference between "directing to index.php" and "direct access to index.php". You might add some validations, for example eveluate the HTTP_REFERER or similar, but this is not 100% safe. But you cannot avoid that index.php is accessible (if it is not accessible, you cannot use it for a redirect).
I dont know how your login is working, but of course you have to validate in your scripts (i.e. in index.php), that a user has logged in successfully before, if you are doing the login by yourself (and not via Apache Authorize). Usually this is done by using session variables.