Creating a user login

need some basic user management

         

Bubzeebub

7:45 pm on Jan 21, 2005 (gmt 0)

10+ Year Member



Here's the scenario:

I want to create a link on a site that prompts a visitor with a login prompt. Once they enter in the code (could be one line or could be username and password) they will be taken to a different webpage within the site. Can this be done? ...and if so, how?

Nutter

8:34 pm on Jan 21, 2005 (gmt 0)

10+ Year Member



Two choices (off the top of my head, I'm sure there are more):
1 - Set a cookie or session variable on successful login. Check that cookie on the page. If it's there, show the inside page, if not show the login page
2 - On successful login, redirect to inside page using header("Location: [whatever]");... - Down side to this is that they can type the page you redirected to in the address bar and go directly without having to log in.

Bubzeebub

9:08 pm on Jan 21, 2005 (gmt 0)

10+ Year Member



Well..that's the thing...they don't currently have to log in anywhere on the site. I don't have the foggiest idea as to how to make them log in based on some credentials I give them (or a code I give them in advance)

jatar_k

7:18 am on Jan 22, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



does this help?
PHP User Authentication and Passwords [webmasterworld.com]

Bubzeebub

4:47 pm on Jan 24, 2005 (gmt 0)

10+ Year Member



The USER AUTHENTICATION section looks like it may be a good solution to my problem. How exactly would I set that up though? Would I have to write that code in Notepad and upload the file to the server? (I'm a complete newbie)

Also, would that code alone be enough to have the users get prompted with a login? If not, how can I go about creating a simple form where the users have to enter in a code and then have that code be verified on the server before redirecting the user to another page within the website?

adamnichols45

6:52 pm on Jan 24, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



look at my code and let me know if it helps you

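<?php
session_start();

// Read the submitted credentials (empty string if a field is missing)
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Keep only the username in the session; the password is not stored there
$_SESSION['username'] = $username;

// Connect to MySQL
$db = mysqli_connect( 'localhost', 'aa', 'admin' )
    or die ( 'Unable to connect to server.' );

// Select database on MySQL server
mysqli_select_db( $db, 'aa' )
    or die ( 'Unable to select database.' );

// Formulate the query; the ? placeholders keep form input out of the SQL text
$sql = "SELECT * FROM users WHERE
        username = ? AND
        password = ?";

// Prepare and execute the query, buffering the result in $stmt
$stmt = mysqli_prepare( $db, $sql )
    or die ( 'Unable to execute query.' );
mysqli_stmt_bind_param( $stmt, 'ss', $username, $password );
mysqli_stmt_execute( $stmt )
    or die ( 'Unable to execute query.' );
mysqli_stmt_store_result( $stmt );

// Get number of rows in the result.
$num = mysqli_stmt_num_rows( $stmt );

if ( $num != 0 ) {
    // A matching row was found - the user is authenticated.
    // Issue a fresh session ID so a pre-login ID cannot be reused.
    session_regenerate_id( true );
    $_SESSION['auth'] = 'true';
    header( "Location: sell.php" );
} else {
    $_SESSION['auth'] = 'false';
    header( "Location: login.php" );
}

// Stop here so nothing else runs after the redirect header
exit;

?>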

Bubzeebub

7:54 pm on Jan 24, 2005 (gmt 0)

10+ Year Member



Thanks for the response Adam. How will this code meet the needs in my earlier post?

jatar_k

7:42 pm on Jan 25, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



so some questions came up about this and I am putting the questions here with Bubzeebub's permission

the questions were specific to the thread I linked to above and referenced this bit of code

session_start();
$newip = $_SERVER['REMOTE_ADDR'];
if (!isset($_SESSION['username']) || empty($_SESSION['username']) || $newip != $_SESSION['ip']) { include "logout.php"; }

1) Do I copy this code in notepad and put it on the server?

well, it probably won't work as is. User management/authentication/access systems are never cut and paste. The key to the other thread is there are multiple parts to user authentication, specifically 3.

i. signup/account creation
ii. login
iii. continuous authentication

see below

2) I won't need to verify or gather the ip so how should the code look considering that?

just dump anything that refers to ip

3) What server/hosting requirements are needed to implement this solution?

php and some type of database should do it

4) Also, once the user clicks on the link (or enters in the promo code or login credentials), they would have to be redirected to another internal web page. How would I do that? What would the code look like?

the other thread actually covers most of this but I will try to flesh it out a bit.

i. you can not login and authenticate a user you know nothing about. If you don't know them and can not confirm their identity, then they get locked out. Therefore you need to acquire information about your user before you can grant them the ability to login. Now information gathering is a very sensitive process. You can only gather information which you REQUIRE to do business with the user! Yes, big and bold, very important. Remember there are such things as privacy laws. You must protect the information you gather by taking all reasonable measures! Also very important. If you don't need someone's address then don't take it. If you don't need their real name then don't take it. You get my point.

So, gather the information you need and then create an account for them. This is different for everyone, the level at which you protect your 'logged in' section of your site is reflective of how much information you have gathered and how sensitive the data in there is.

Now that they have created an account, username, login or whatever it is for your site they can proceed to a login form.

ii. logging in can be as easy or as complicated as any script you can write. How complex your login is, once again, reflects what you are trying to protect. Maybe they just type in a username and you check your database to see if you have it there. They could also have a username, password and a third, or even fourth, parameter for verification. Again this is different for everyone and you need to decide.

Login scripts just confirm you know the person requesting access and then tag them in a way that allows you to recognize them during their stay. Sites use both sessions and cookies for this purpose.

iii. Authentication, once again, depends on the level of security you are trying to attain. How many checks you run against the session (or cookie) that needs to be present is up to you. The time period you would like the session to be alive and whether you allow the ip to change is up to you.

Authentication just checks that every time someone requests a page that they are allowed to view that page.

You can see that all of these explanations are not specific since every site/scenario is different. Assess your personal situation and then make decisions accordingly.

things you need

a way to recognize the users: signup form, list of coupons sent out, whatever
allow them to login: a form requiring some information and then a script to verify it
authentication: up to you, maybe you just need a cookie to exist, maybe you just store a username in a session or cookie, you could have a complex session with a very short lifetime that stores a lot of data about the user and any small variation will kill it.
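
Added example, not part of any post in this thread: a sketch of parts ii (login) and iii (continuous authentication) as described above, including the per-page check that closes the "type the URL directly" gap mentioned earlier. The `$users` array, the `IDLE_LIMIT` value and the function names `attempt_login` and `is_authenticated` are assumptions made for illustration; the session is passed in as an array so the script also runs from the command line.

```php
<?php
// Constructed stand-in for the users table; on a real site the hash is
// written once at signup (part i) and the plain password is never stored.
$users = ['alice' => password_hash('promo-2005', PASSWORD_DEFAULT)];

const IDLE_LIMIT = 900; // seconds of inactivity before the login expires (assumed value)

// Part ii: check the submitted credentials and tag the session on success.
// Returns an error string that is empty when the login passed.
function attempt_login(array $users, string $username, string $password, array &$session, int $now): string
{
    $errormsg = '';
    // One message for both failure cases, so the form does not reveal
    // which usernames exist.
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        $errormsg .= 'Invalid username or password.';
        return $errormsg;
    }
    // On a live site, call session_regenerate_id(true) at this point.
    $session = ['username' => $username, 'last_seen' => $now];
    return $errormsg;
}

// Part iii: run at the top of every protected page, before any output.
function is_authenticated(array &$session, int $now): bool
{
    if (empty($session['username']) || !isset($session['last_seen'])) {
        return false;                  // never logged in
    }
    if ($now - $session['last_seen'] > IDLE_LIMIT) {
        $session = [];                 // idle too long: forget the login
        return false;
    }
    $session['last_seen'] = $now;      // activity extends the login
    return true;
}

// Constructed walk-through with fixed timestamps.
$session = [];
$t = 1000;
var_dump(is_authenticated($session, $t));                              // direct visit, no login yet
var_dump(attempt_login($users, 'alice', 'wrong', $session, $t));       // bad password
var_dump(attempt_login($users, 'alice', 'promo-2005', $session, $t));  // good password
var_dump(is_authenticated($session, $t + 60));                         // next page view
var_dump(is_authenticated($session, $t + 60 + IDLE_LIMIT + 1));        // after a long pause
```

On a web page, call `session_start()` first and pass `$_SESSION` and `time()` in place of `$session` and `$t`; when `is_authenticated` returns false, send the visitor to the login page and `exit` before any protected content is output.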

Bubzeebub

1:38 am on Jan 27, 2005 (gmt 0)

10+ Year Member



Ok ...that was very helpful! Thanks. Once I have the form created and the database intact, how do I go about redirecting the visitor to the new page after they click the form's "Submit" button?

jatar_k

6:44 am on Jan 27, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



you check all the information they have entered against the database. At the end of the authentication you should have a single variable to tell you whether the login passed or failed. I usually use an error message type variable that is initialized empty.

$errormsg = '';

Then anywhere I run into a problem I put the problem into there

$errormsg .= "<p>there is no such username\n";

then I can just test that variable to see if there were any errors

if (empty($errormsg)) { 
include "welcome.php";
} else {
include "login.php";
}

the login page would then display the errors on top of the login form. I use include so that the login page can echo the errors without having to pass them to it. You could use header if you like and redirect them, I just don't.