You don't need to echo every line, you can echo once and then put all of your HTML inside. Or, you can just end the PHP and then continue it later.
PHP Code:
<?php
session_start();
if (isset ($_SESSION['logged'])) {
echo '<b>Multiple</b>
<i>lines of</i>
<u>wonderful HTML!</u>';
} else {
// not logged in
header('location: login/main_login.html');
}
?>
PHP Code:
<?php
session_start();
if (isset ($_SESSION['logged'])) {
// do logged in stuff
?>
You've ended the PHP tags, so do your junk here.
<?php
// then you can restart here. PHP doesn't care
} else {
// not logged in
header('location: login/main_login.html');
}
?>
Here's examples of both methods.
To protect an external file, you have two fairly easy methods. One is to do funky things with .htaccess. Another option is to store the files in a folder that's not an obvious name. Then, have long random file names for the files. Store the names in a database and then when the file is requested, just get it from the database. You could even have the name change on each request, or after a certain time period.
It's difficult to truly protect external files, I don't really know of any other way except what I just mentioned.