If you want to do a really simple one try this:
It's very crude but works as long as the site is not supposed to be VERY secure.
If you really do need to bear in mind security you could research the following:
Post the form to a password checking script > if correct set a sess_id and store it in a db > at the top of each subsequent page check that the session id is in the table and if its not chuck the person out.
A further measure may be to ensure also that the user has clicked somewhere in 10 mins and make their login expire if they have not.
Using this you can stop people entering your site without logging in (if they have bookmarked a page).
Hope this helps,