hello! I'm new to the forum. I really need help from all of you.
I have a form in an html page "index.html" like below:

<form action="login.php" method="post">...

How can I prevent users from viewing the login.php in the action attribute of the form tag above by just typing its url directly? I've tried using htaccess to deny access but i cannot submit the form. And what is the best way to seperate "html page containing form for submission" from "php file to process form's data"? Thanks in advance.

Suggest that you make the first module PHP rather than HTML then set a session variable when they enter that page. In your Login module, the first thing that you do is to check if the session variable is set or not and return to the login form if not. You might also want to make it a count rather than a simple switch. You can use a second session variable in the login module as a count as well. You could use these to determine if someone had used the initial module once then just kept banging away at login.php. Also could be used to determine the number of tries before you freeze them out for a while.

Thanks for your kind reply. But there's a bit problem here. What will happen if a user open the login form of my page, and then just type the url of login.php directly? He will get access to this login.php because a session is already created. I want to redirect him back to the login form if he types the url directly. Anyway, your suggestion is very helpful, thanks again.