This link is your best friend: PHP Manual
IMO, you're best option is using a php sessions
About security: If you're serious about keeping this username/password a secret, you'll want to load at least that first submit to a https:// form. That is the only, I repeat, only
way to even pretend you're you're keeping it private.
What you do with it once you get it, is a better question... I would say look in to the mcrypt and hash functions of PHP. If you store the password in plain text anywhere
, it's a candidate for hijacking. It could be captured by a black-hat(or more likely, a script kiddie) and used against you, or your user.