I would advise you to use the built in password mechanism of the webserver. If you are using apache: start with reading the documentation for require. That way you can easily protect all the files in a directory.

With your solution you only protect the front page, the pictures themselves will still be available directly.

I just made the same mistake when constructing my photo archive. The front page is password-protected, but you can sill access the images is you know the URL. (Example: Damian, giving his talk on Quantum::Superposition is at http://rec.horus.com/pix/2001-03-01/perl-bonn/damian-superpositions.gif

--
Brigitte    'I never met a chocolate I didnt like'    Jellinek
http://www.horus.com/~bjelli/         http://perlwelt.horus.at