Hi Jerry,
I can't think of an easy clean solution. To do it with PHP you'd need to add some code to all the 3rd party programs, and ensure that it didn't conflict with any of their code.
Maybe if we set a PHP session variable to indicate if a user was logged in, that would be easier to check. But you still have the issue that if any of the 3rd party apps are upgraded the code will be overwritten, and website membership would also need to clear that settings.
Tim's cookie idea is interesting, but you'd need to make sure people couldn't fake it since cookies are client side. But maybe something along the lines of having htaccess code that redirects to the login page unless something is set that indicates a valid login.
Or another approach is to only have the folder accessible through a time-expired URL or URL alias (eg: /members-j93dej7834/) that changes at intervals so it's not possible to guess it unless you can login.
But I can't think of an easy way to implement any of those without further research and custom code, and even then they seem a bit tricky.
Dave Edis - Senior Developer
interactivetools.com