I am not sure how I lost you but any system that requires usernames and passwords will need a means of evaluating the details user enter to check they are a valid user. All users who cannot be validated should be redirected to the login page to provide valid credentials before they can access known user pages. The evaluation will be carried out using server sided scripting, not all ISP's support scripting and some will only allow certain kinds of scripts. The stored credentials you validate against need to be securly stored if not an experienced hacker may gain access to the credentials and impersonate a valid user. Storing passwords as a hash helps since the hash is an encrypted version of the password that cannot be decrypted.
Hope this helps to clarify things further.