Authentication and Sessions Summary

  1. The HTTP protocol provides an easy way to introduce authentication using the Authorization header; this can be triggered by a PHP script or by the web server
  2. You should apply a one-way function to passwords
  3. You might implement your own fine-grained authentication and save state using URL-parameters/cookies/sessions
  4. None of the techniques are really secure - use HTTP on top of SSL (HTTPS) if you are handling sensitive data
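
Points 1 and 2 combined, as an added example that is not part of the original summary: a PHP script triggers HTTP Basic authentication and checks the submitted password against a stored one-way hash. The user store, realm name and `authenticate()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample user store (assumption): in practice the hashes are
// created once at registration and loaded from a database, not recomputed.
$users = [
    'alice' => password_hash('correct horse battery', PASSWORD_DEFAULT),
];

/**
 * Hypothetical helper: returns the authenticated user name, or null if the
 * credentials PHP decoded from the Authorization header are missing or wrong.
 */
function authenticate(array $server, array $users): ?string
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return null;
    }
    // Verify against a dummy hash for unknown users so that the response
    // time does not reveal which account names exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $users[$user] ?? $dummy;
    // password_verify() re-applies the salted one-way function and compares
    // in constant time; the plain-text password is never stored.
    $ok = password_verify($pass, $hash);
    return ($ok && isset($users[$user])) ? $user : null;
}

$user = authenticate($_SERVER, $users);
if ($user === null) {
    // The 401 status plus WWW-Authenticate makes the browser prompt for
    // credentials and resend the request with an Authorization header.
    header('WWW-Authenticate: Basic realm="Members", charset="UTF-8"');
    http_response_code(401);
    exit('Authentication required.');
}
echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Basic credentials travel only base64-encoded in every request, which is why point 4 applies: serve this script over HTTPS.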

Resources