So <img src="path/image1.php" /> should work. If you don't fancy having 4 million php files, one for each image, just have the one and include a querystring in the url:
<img src="path/image1.php?id=4" /> would work if your images are indexed in a DB or use <img src="path/image1.php?img=sugarme&ext=jpg" /> for including the filename. What you need is a folder NOT called images or similar. Using htaccess (as mentioned previously) can also be used.
can you even redirect a whole directory with htaccess to the php login script im using?
so if i use htaccess in the image directory to redirect to the login script to access the directory that will work?
I have a database setup with usernames/passwords for each individual user account. It protects the content on that html page. But if they know the direct url to the image with out being logged in they can view it. So htaccess would stop this from happening.