That's what I'm saying. 99% of the work is getting the requirements from the client, their design etc.

Here's some  script which is full of bugs and gets you what you payed for:
I started at 12:27PM, finished at 12:31pm.


admin.php
<?php
session_start();

// Check if user is logged in
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
    header('Location: login.php');
    exit;
}

// Function to get all pages
function getPages() {
    $pagesFile = 'pages.json';
    if (file_exists($pagesFile)) {
        $pagesJson = file_get_contents($pagesFile);
        return json_decode($pagesJson, true);
    }
    return [];
}

// Function to save pages
function savePages($pages) {
    $pagesFile = 'pages.json';
    $pagesJson = json_encode($pages);
    file_put_contents($pagesFile, $pagesJson);
}

// Handle form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pages = getPages();
    $action = $_POST['action'];
    $id = $_POST['id'];
    $title = $_POST['title'];
    $content = $_POST['content'];

    if ($action === 'create') {
        $pages[] = ['id' => uniqid(), 'title' => $title, 'content' => $content];
    } elseif ($action === 'update') {
        foreach ($pages as &$page) {
            if ($page['id'] === $id) {
                $page['title'] = $title;
                $page['content'] = $content;
                break;
            }
        }
    } elseif ($action === 'delete') {
        $pages = array_filter($pages, function($page) use ($id) {
            return $page['id'] !== $id;
        });
    }

    savePages($pages);
    header('Location: admin.php');
    exit;
}

$pages = getPages();
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Admin Panel</title>
</head>
<body>
    <h1>Admin Panel</h1>
    <h2>Create New Page</h2>
    <form method="POST">
        <input type="hidden" name="action" value="create">
        <label for="title">Title:</label>
        <input type="text" id="title" name="title" required>
        <label for="content">Content:</label>
        <textarea id="content" name="content" required></textarea>
        <button type="submit">Create Page</button>
    </form>

    <h2>Existing Pages</h2>
    <?php foreach ($pages as $page): ?>
        <h3><?php echo htmlspecialchars($page['title']); ?></h3>
        <form method="POST">
            <input type="hidden" name="action" value="update">
            <input type="hidden" name="id" value="<?php echo $page['id']; ?>">
            <label for="title_<?php echo $page['id']; ?>">Title:</label>
            <input type="text" id="title_<?php echo $page['id']; ?>" name="title" value="<?php echo htmlspecialchars($page['title']); ?>" required>
            <label for="content_<?php echo $page['id']; ?>">Content:</label>
            <textarea id="content_<?php echo $page['id']; ?>" name="content" required><?php echo htmlspecialchars($page['content']); ?></textarea>
            <button type="submit">Update Page</button>
        </form>
        <form method="POST" onsubmit="return confirm('Are you sure you want to delete this page?');">
            <input type="hidden" name="action" value="delete">
            <input type="hidden" name="id" value="<?php echo $page['id']; ?>">
            <button type="submit">Delete Page</button>
        </form>
    <?php endforeach; ?>
</body>
</html>

login.php
<?php
session_start();

// Check if form is submitted
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // In a real-world scenario, you would validate against a database
    // For this example, we'll use hardcoded credentials
    if ($username === 'admin' && $password === 'password') {
        $_SESSION['logged_in'] = true;
        header('Location: admin.php');
        exit;
    } else {
        $error = "Invalid username or password";
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login</title>
</head>
<body>
    <h1>Login</h1>
    <?php if (isset($error)): ?>
        <p style="color: red;"><?php echo $error; ?></p>
    <?php endif; ?>
    <form method="POST">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" required>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" required>
        <button type="submit">Login</button>
    </form>
</body>
</html>


.htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
.htpasswd
admin:$apr1$q9mvbkia$jgejsle4u56Bf5e1KwIrw1

And to view:
.htaccess
RewriteEngine On
RewriteBase /

# If the requested file doesn't exist, route to our PHP handler
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ page_handler.php?page=$1 [L,QSA]

Plus a stupid page where you might want to whitelist some URLs:
<?php
// Get the requested page from the URL
$requestedPage = $_GET['page'] ?? 'index';

// Remove any file extension if present
$requestedPage = preg_replace('/\.[^.]+$/', '', $requestedPage);

// Construct the file path
$filePath = __DIR__ . '/' . $requestedPage . '.html';

// Check if the file exists
if (file_exists($filePath)) {
    // Read the content of the HTML file
    $content = file_get_contents($filePath);
    
    // Output the content
    echo $content;
} else {
    // If the file doesn't exist, show a 404 error
    header("HTTP/1.0 404 Not Found");
    echo "<h1>404 Not Found</h1>";
    echo "<p>The requested page '" . htmlspecialchars($requestedPage) . "' could not be found.</p>";
}
?>