You could use a simple login system and use sessions to allow access to certain pages e.g.
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: login.php");
}
This example just stops the user from accessing any other pages without first logging in. The login page would change the session like so:
if (!empty ($username) && !empty ($password)){
$sql = mysql_query ("SELECT * FROM users WHERE username='".$username."' AND password ='".$password."' LIMIT 1");
if (mysql_num_rows ($sql) > 0){
$_SESSION['login']=1;
$_SESSION['username']=$username;
header ("Location: index.php");
}
That's just a basic example but hopefully you can see what can be done using a user's table and sessions :)