One option is to create a file that just checks whether or not a user has access to the current page. Use a cookie to keep track of the user and $PHP_SELF to know the current page.
If they aren't allowed access then echo a meta refresh and die. If they are allowed access then do nothing.
Include this file at the top of each of your pages and your'e done.
