Why not ask for a password, encrypt it (with 128bit or something;), check it
with the database (which has the encyrpted pwds) and pass the encrypted
password from page to page...
like: <a href="blah.php?encryptedpassword">
or just a variable which is one indicating that the password was typed in
correctly at least once!
For the mater of direct accessing you could just check if the pwd (or the
var) was passed (is one) and if not -> well no access...
You could also use a cookie and check for it (with the encrypted pwd) but (I
don't know why) cookies seem preaty unsafe too me :o)
just my two cents;)