It's not terribly secure, but I love using .htaccess files on Linux. It only works on Linux servers, but you can create .htaccess and .htpasswd files and drop them into your protected directory to keep people from accessing any page in that directory without supplying a username and password. It requires no recoding of any of your pages, any page residing in that directory will require authentication. Check out http://www.traintosuccess.com/online-courses/sales_qa_demo/configurator.php?productid=96 to see this in action.
Create a text file in the following format:
Order allow,deny
Allow from all
AuthType Basic
AuthUserFile /insert_server_path_to_your_password_file_here/.htpasswd
AuthName "This is the message that will appear in the login prompt"
require valid-user
Then you save that file as a .htaccess with no file extension. Then you create your .htpasswd file containing your users like so:
username:18JSWYTXDTkHU
anotherusername:18JSWYTXDTkHU
The username is the actual username you want to allow. The password must be generated using the "crypt" function of UNIX, so you'll need a way to do that, which you can find here:
http://www.euronet.nl/~arnow/htpasswd/
Once you've got your entries in your .htpasswd file, save and upload in ASCII format to the location you specified in your .htaccess file. It need not reside in the same directory as the .htaccess file, in fact it's more secure if it doesn't, but that's your call. Once all your files are uploaded to the correct directories, you should be done. Try it out and see what happens when you try to access your pages in the protected directory. If you're not on a linux server, then you'll need to use a database and some $_SESSION variables and it's much more involved. Either way, you'll probably need to write some kind of user admin program if you have many users to manage. Good luck.
