I'm not sure if what i'm going to suggest is buggable or not, i'm a NOOB.
Create a cookie when a user login, using valid ID/Pass ofcourse, and on each page before the headers- make a check if cookie exists, if it doesnt then redirect the user using meta refresh, else let it view the content of the page according to the passed variables.
******
if(!$cookie['COOKIENAME'])
{
$i=1;
}
else
{
$i=2;
}
******
//add this line in the meta tag
if($i==1)
{
echo ' <meta http-equiv="refresh" content="0;url=URL_OF_YOUR_SITE> ';
}
//and this in the page code
if($i==2)
{
//page code goes here
}
In this way only if the user's cookie is already there, also make a check if it is valid, only then s/he can access the page code, else it will be redirected to the login page- thats where i redirect to.