you do need to head to a database - i'm new to all this too, but it is fun!
Basically you need a database in mysql with (at least) username and password fields in a table. what you can then do is make the username "the primary field", which means that there cant be two ones the same in the table. that way, if someone tries to enter a new user name which is the same as the one beofre, MySQL wont let you (which takes away the need for you to check whether it exists or not!). To authenticate, all you do is check that the password they've entered is the same as the password against their user name in the database - if it is, you let them in, if it's not, then you dont.
MySQL is free to download from MySQL.com and there are loads of books out there for using it with PHP - I personally use a book that I'd very highly reccommend called "PHP and MySQL Web Development" by Luke Welling and Laura Thomson (ISBN 0-672-31784-2): it has loads of tutorials and later on gets into various projects, including e-commerce, user authentication, content management, web based email, web forums and even PDF generation.
Databases are also great since they let a lot of people access the database at once (it can handle ~100 fine, and i think more with fine tuning) - whereas files are tricky in that what happens if two people try to open it at the same time etc. Databases are the way forward my friend -- head over to MySQL.com and read all about it, and then we look forward to being able to help some more!
