Absolutely. If you are looking for something simple, you can use the CodeIgniter session library and check the user's login state in the controller's __construct method, if all controller methods should be protected, or in individual methods. If session state isn't available or is not set as successfully logged in, send the user to the login page, then return once your hard-coded password was entered.
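A sketch of the flow described above, as an added example that is not part of the original answer. It assumes CodeIgniter 3; the controller names `Admin` and `Login`, the session keys `logged_in` and `return_to`, and the `PASSWORD_HASH` constant are hypothetical. The hard-coded password is stored as a hash rather than in plain text.

```php
<?php
// Added example, CodeIgniter 3 assumed. Two separate controller files shown together.
// application/controllers/Admin.php (hypothetical protected controller)
class Admin extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        // Runs before every method in this controller, so all of them are protected.
        if ($this->session->userdata('logged_in') !== TRUE) {
            // Remember the requested URI; it comes from our own router, not user-supplied URLs.
            $this->session->set_userdata('return_to', uri_string());
            redirect('login'); // redirect() exits, so no protected code runs
        }
    }

    public function index()
    {
        echo 'Protected page';
    }
}

// application/controllers/Login.php (hypothetical login controller)
class Login extends CI_Controller
{
    // Placeholder: paste the output of password_hash('your password', PASSWORD_DEFAULT).
    const PASSWORD_HASH = 'REPLACE_WITH_PASSWORD_HASH';

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper(array('url', 'form'));
    }

    public function index()
    {
        $password = $this->input->post('password');
        if (is_string($password) && password_verify($password, self::PASSWORD_HASH)) {
            $this->session->sess_regenerate(TRUE); // new session ID on login (fixation defence)
            $return_to = $this->session->userdata('return_to');
            $this->session->unset_userdata('return_to');
            $this->session->set_userdata('logged_in', TRUE);
            redirect($return_to ? $return_to : 'admin');
        }
        echo form_open('login'), form_password('password'), form_submit('go', 'Log in'), form_close();
    }
}
```

To protect only individual methods instead, move the `logged_in` check from the constructor into those methods.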