hi, i would like to restrict user to go into a page if he knows the url to it. how do i go about it? i have created a page to do the user login verification and set sessions to it.

<?php

// Connect to the Database
include_once("../lib/dbconnection/db_connection_crppdb.php");
include_once("../lib/errorMsg/common.php");

// Get ID And Password from Login Page
$id=$_POST['id'];
$password=$_POST['password'];
// encrypt password
$password=md5($password);

if ($_POST['id']=='' or $_POST['password']=='') {
error('One or more required fields were left blank.\\n'.
'Please fill them in and try again.');
}

// Query ID and Password
$query = "SELECT * FROM crpp_user WHERE username='$id' AND password='$password'";
$result = mysql_query($query);

// error message
if (!$result) {
error('A database error occurred while checking your '.
'login details.');
}

$num=mysql_numrows($result);

if ($num == 1) {

// Setup Session
session_start();
session_register ("id");
session_register ("firstname");
session_register ("lastname");
$_SESSION["id"] = $id;

// Get FirstName and LastName
$row = mysql_fetch_array($result);
$_SESSION["firstname"] = $row["firstname"];
$_SESSION["lastname"] = $row["lastname"];

$URL="../main/query/view/searchMenu_1.php";
}
else {
//Clear Session
session_destroy ();

// if false (0) redirect to error page
$URL="../lib/errorMsg/loginError.htm";
}

// Close database connection
mysql_close();

// Redirect page
header ('Location:'. $URL);

?>

i tried to include the codes below to other php pages so as to disallow people to go into the page if he knows the url

session_start();
$firstName = $_SESSION["firstname"];
$lastName = $_SESSION["lastname"];

//Set log in page
$URL = "../../../index.php";

//Check if user login is correct and if not to redirect user to log in page
if ((!isset($firstName)) && (!isset($lastName))){

// Redirect page
header ('Location:'. $URL);

}

please advise, thanks