JDcrack posted all the links you will need to get you started, but it can be overwhelming for the un-initiated.
In an attempt to summarize, your choices boil down to .htaccess, or a session based user authentification system such as native $_SESSION's, or building your own authentification system either from scratch or with the help of available libraries. .htaccess will protect all the files in a directory, the latter will protect script based files. The security of any system is what you build into it.
Or, it is possible to employ a combination of systems. They each have various pros and cons, the signifigance of which is determined by your site use and visitors expected.
Clear now? 🙂
