菜鸟问题！用PHP怎么做认证登陆？(40分)

看书学的，从数据库中检查有没有该用户和密码对不对。有的话就打开页面！
但如果知道通过验证后的页面地址的话就不用登陆了，应该怎么做才能确保
一定要登陆后才能打开受保护的页面啊？？
谢谢！

<?
/* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
if ((!isset($PHP_AUTH_USER)) || (!isset($PHP_AUTH_PW))) {
/* No values: send headers causing dialog box to appear */
header('WWW-Authen
ticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} else
if ((isset($PHP_AUTH_USER)) &amp;&amp;
(isset($PHP_AUTH_PW))){
/* Values contain some values, so check to see if they're correct */
if (($PHP_AUTH_USER != "validname") || ($PHP_AUTH_PW != "goodpassword")) {
/* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
header('WWW-Authen
ticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else
if (($PHP_AUTH_USER == "validname") || ($PHP_AUTH_PW == "goodpassword")) {
/* if both values are correct, print success message */
echo "<P>You're authorized!</p>";
}
}
?>