I have done this sort of thing a few times before.
What you will need is a front page (index.php) login script (login.php), which takes account of all the security implications (google 'php secure login', XSS, 'SQL injection' etc), and a control panel (cp.php). The control panel should have at the very top of the code a check to see that the person who visits the page is logged in. If not, it should redirect them to index.php (using the header command - see docs.php.net and search 'header'). Otherwise, the page should display the necessary forms for changing password/editing other info etc.
Look up php sessions and have each page start with 'session_start();' Then when the user logs in successfully (within login.php) you can set a session variable thus: '$_SESSION['logged_in']=true;', and redirect the user to cp.php. Then at the top of cp.php, just after 'session_start()', put your login check: 'if (!$_SESSION['logged_in']) {header("Location: index.php");}'
All the information you need is out there - just take the time to read it!
Good luck!
