Over on the PHP Zone (from the DZone community site) there's a in-depth tutorial looking at the creation and management of an access control system (users, passwords and what they can do) in your PHP application. It's an excerpt from the Packt book PHP5 CMS Framework Development.
Many websites will want to control who has access to what. Once embarked on this route, it turns out there are many situations where access control is appropriate, and they can easily become very complex. So in this chapter we look at the most highly regarded model role-based access control and find ways to implement it. The aim is to achieve a flexible and efficient implementation that can be exploited by increasingly sophisticated software. To show what is going on, the example of a file repository extension is used.
They talk about some of the general considerations about access control (limiting the number of rules, common difficulties) and plenty of code/database schema to get you started.