Oh -- one question about your reply, and one I forgot to ask in the first place

In your reply there seem to be three protected pages (uploadcalendar.php, uploadmerchandise.php, and uploadlogin.php) with different settings, but only two password-protect files (ppmerchandise.php and ppcalendar.php) -- I'm not sure I understand "copy password_protect.php to uploadlogin.php" : do you mean copy the <?php include etc ?> line to it? In that case, shouldn't there be a Password-protect file to protect this one, e.g. pplogin.php?
For the moment I'll assume that there is a pplogin.php protecting loginupload.php. Now my other question is:
the line used for redirecting gives an absolute path, i.e. http://www.mysite.co.uk/ and then the bit put in per user. Is it possible to use relative paths here, and if so, relative to what?
That is to say, suppose loginupload.php is in the main directory (i.e. its URL is http://www.mysite.co.uk/loginupload.php),the file protecting it pplogin.php is in a separate folder (i.e. its URL is http://www.mysite.co.uk/ppfiles/pplogin.php), and the files to which users are redirected are in another folder (i.e. their URLs are http://www.mysite.co.uk/upload/uploadmerchandise.php and http://www.mysite.co.uk/upload/uploadcalendar.php)
Do I calculate from pplogin.php and make the last line of pplogin.php read:
header('Location: ../upload/'.$REDIRECTS[$login]); exit
that is, up one directory, then down into another
or do I calculate from loginupload.php:
header('Location: ../upload/'.$REDIRECTS[$login]); exit;
that is, down one directory
or is it impossible altogether...?