PHP-Authentication works like the Tomcat authentication. You give the source to authenticate against (DB, file, XML-RPC, etc.) and the directories/files that shall be protected, and the class handles the rest. No including of any call to a class method on every page is necessary. You can also use it as if it was a standard Auth-class, using a call to "isLoggedIn" on every page that shall be protected.