How do I create a restricted login page

You could build a page that checks for login credentials. Instead of user/pass, you would first enter your phone number or email address, depending on where you want to receive your confirmation code. After retrieving it, you can use it to login. Your database would contain a table with that email/phone and confirmation code, and an expiration date. When trying to login, you would have to check all three. You could even try to add an ip check, so you could only login from the pc where you requested the code. Hope this makes sense.

Thanks.It makes sense.
However, how can I create the page that automatically generates the confrimation code

Yes you can do it by using session , save the protection code in session with expiry limit of 24 hour and when user enter the url with the protection code. using the get method match the protection code with the session . if match fail redirect it to parking page .
same goes for the link with without protection code . even you can display message "your url link has been expired you had to register again "

However, how can I create the page that automatically generates the confrimation code

For example, you could create a hash from the current datetime.

You could build a page that checks for login credentials. Instead of user/pass.logical step is configure user to use rssh. All you have to do is set a user account shell to /usr/bin/rssh.

Create a new user with /usr/bin/rssh
Login as the root user
Type the following command to create a new user called didi:
# useradd -m -d /home/didi -s /usr/bin/rssh didi
# passwd didi

Sample Script

$name = mysql_real_escape_string($_POST['user']);
$pw = mysql_real_escape_string($_POST['password']);
$r = mysql_query("SELECT user_name FROM user WHERE user_name='$name' AND  password = '$pw'");
if(mysql_num_rows($r)>0){
//user exists - keep data in session/cookie or whatever
}else{
//failed login
}