Well, authentication and authorisation are two different things:
authentication verifies that you are who you say you are; authorisation
verifies that you are allowed to do what you are trying to do.
For a simple system, you can have just the authentication step, and
assume that anyone who is authenticated is allowed to do anything.
An authentication function might take two arguments (a username and some
secret token--probably a password) and return true if the token
authenticates that username, else it'd return nil. It's often useful
for the true value to be the username itself.
You could store passwords in a hash table; if there is no key in the
table with the username then you know it doesn't exist; if the value
doesn't match the provided password then it's a bad password.
This is pretty basic stuff; you should be able to go from here.
--
Robert Uhl <http://public.xdi.org/=ruhl>
No one has even begun to understand comradeship who does not accept
with it a certain hearty eagerness in eating, drinking or smoking, an
uproarious materialism which to many women appears only hoggish.
--G.K. Chesterton