If you have a custom PHP page on your WordPress site and you want only certain users of your site to be able to view it, you can do it with a few lines of PHP.  Include the following code at the top of your PHP page before any HTML markup.

 * Load WordPress dependencies so we can use
 * their authentication methods.
define('WP_USE_THEMES', true);
if ( !isset($wp_did_header) ) {
	$wp_did_header = true;
	$root = './'; //NOTE: This path must point to the site root
	require_once( $root . 'wp-load.php' );

 * Show error message if the user doesn't
 * have sufficient privelages
if (! current_user_can('publish_posts')) {
	header ('Status: 403 Forbidden');

 * Now we are sure the user is authenticated,
 * run your code here
echo 'User is authenticated';

Note that the code is somewhat hackish, I am including a WordPress file in order to initialize the core without running the template engine. It may not work in the future, but it is tested in WordPress version 3.4 and I feel it will probably be stable for a while.

In my case I checked capabilities to ensure that only users who can publish posts will be able to view the page. I also set an HTTP 403 error in the response header indicating that the request for the resource is not authorized for unauthenticated users.  Setting an error in the response header is important because it will let search engines know not to try and index the content if they manage to find it.  This is what it looks like if you are not logged in, my server runs IIS on Windows, different configurations will look different but they will show a similar message.

IIS 403 Error

This error is shown to unauthenticated users