如果你想保护你的文件，你需要保持这些文件为php。但是，您可以在不同的文件中分离php代码，并将该文件包含在主php文件的顶部，如require_once（“system_work.php”）；在system_work.php中，您可以处理登录并检查会话变量是否存在，然后决定是否要退出该页面或让用户留在那里。
我在codecanyon上有登录脚本https://codecanyon.net/item/php-login-user-management-with-message-center/5862673 我要分享的代码如何登录工作。
请注意，会话不能在html文件中工作，因此，如果要保护文件，该文件需要是html。否则服务器端安全就不可能了。不过，您可以通过php保存cookie，通过javascript访问cookie，并通过javascript进行验证，但这样做相对不安全。
在dashboard.php中，我有以下代码

<?php
include('system_load.php');
//Including this file we load system.
/*
Logout function if called.

* /

if(isset($_GET['logout']) && $_GET['logout'] == 1) { 
    session_destroy();
    HEADER('LOCATION: '.get_option('redirect_on_logout'));
    exit();
} //Logout done.

//user Authentication.
authenticate_user('admin');

$page_title = $label_obj->label('dashboard_title'); //You can edit this to change your page title.
require_once("includes/header.php"); //including header file.

?>
在这个代码之后是正文，也在页眉之后，然后页脚也以同样的方式包含进来。现在看system_load.php是一个包含所有其他类、函数文件和会话信息的文件。我还将与您共享该文件的代码。
系统加载.php

<?php
session_start();
/*This file loads system to do basic functions on the site, Please do not change anything here if you dont know what you are doing.*/
include('includes/db_connect.php');
include('includes/functions.php');
//Redirecting to installation wizard if not installed already.
global $db;
//Checks if options exist and installation is complete.
$val = $db->query('SELECT 1 from notes');
if($val == FALSE) {
  HEADER("LOCATION: install.php");
}
include('includes/update.php');
//Session signout after session timeout.
if(isset($_SESSION['timeout'])) {
    if ($_SESSION['timeout'] + get_option('session_timeout') * 60 < time()) {
        session_destroy();
        HEADER('LOCATION: '.get_option('redirect_on_logout'));
        exit();
    }
}
//Adding Language.
include('classes/labels.php');
include('classes/users.php');
include('classes/userlevel.php');
include('classes/notes.php');
include('classes/messages.php');
include('classes/announcements.php');

$label_obj = new WebsiteLabels;
$new_user = new Users;

if(isset($_SESSION['user_id'])):
    $new_user       = new Users;
    $user_status    = $new_user->get_user_info($_SESSION['user_id'], 'status');

    if($user_status == 'ban' || $user_status == 'deactivate' || $user_status == 'suspend') { 
        session_destroy();
        HEADER('LOCATION: index.php');
    }

    $message_obj        = new Messages;
    $new_level          = new Userlevel;
    $notes_obj          = new Notes;
    $announcement_obj   = new Announcements;

    if($new_user->get_user_info($_SESSION['user_id'], 'profile_image') == '') { 
        $profile_img = 'images/thumb.png';
    } else { 
        $profile_img = $new_user->get_user_info($_SESSION['user_id'], 'profile_image');
    }
endif;

让我知道如果它给你一个想法，你可以继续你也可以问我进一步的文件代码，如果你需要我可以分享谢谢。