after a user has logged in mark in their session that they're authenticated, then put the authentication check function at the top of every/any page you want to be members only and redirect and user who trys to sneak in.
A simple function checking a session value would be along the lines of:
function authUser($permission){
if ($_SESSION["user_status"] =="logged"){
/*They're marked as logged so let them see the page*/
}else{
/*they're not logged in, so redirect them*/
$_SESSION["message"] ="You need to be logged in to access this page";
header("Location: http://www.yoursite.com/login_whatever.php");
}
}
This assumes you set the session when they log in correctly.
/s
