I assume you mean from posting something rather than and posting something. The simple explanation is that on any page that requires authorization, you need to check whether the current user is authorized. The simplest way to do this with a secure cookie and is built into PHP via the Session module.
On the login page you would have something like:
if (log_user_in($username, $password)) {
$_SESSION['authorized'] = true;
}
On pages requiring authorization, you would have a check like:
session_start();
if (!isset($_SESSION['authorized']) || !$_SESSION['authorized']) {
// redirect user away
}
Mechanisms for handling the actual logging in and modularizing the session handling/gatekeeping have been done to death and are baked into most CMS or frameworks. If you are using a CMS or framework, you should look into the specifics of authorization/authentication for it which will probably abstract a lot of what I’ve told you.
solved How can I prevent someone that didn’t login into a page? [closed]