Not much to go on, I will assume to want to have your own user/pw file and manage them yourself via CGI.

First off, if on unix, make the file permissions 600, so that you and only you can even read them.

As far as users getting logged in, there are multiple nodes here on passing passwords, maintaining state, sessions, etc, etc. Some quick searching should get you squared away quickly.

Be careful with this! (take all the warnings you get here to heart, you're likely gonna get a handful!)