[eluser]WanWizard[/eluser]
If you want to do further access checks, your code needs to know which user is logged in. Therefore you should store the user identification (whatever you use) in the session, so it can be retrieved at subsequent requests.
There are a million ways to deal with access control, it's not easy to write a howto in a single post. Have a look first at one of the many authentication libraries posted here, before you decide on writing your own. One of them will probably do the trick, and using it will save you lots of development time.