During the login you need to set a flag, usually a cookie and a session variable. On any page you want secured you need a check right at the top (before any output to the browser at all) to see whether these flags have been set. If not then use a header redirect to another page (normally login page).
I can't guarantee it's 100% secure, but it'll certainly be a lot more secure.
If you need any further explanation just let me know.
