It would certainly be helpful if you understood client/server communication, and what providing a login page means, before you try to implement something.
If you point your browser at http://my.wonderful.site.com, and see a login page, then what the client (the browser) has done is connect to the server (my.wonderful.site.com), and issued a GET request ("GET / HTTP1.1"). The server returns a stream of data containing html tags that include a form tag, some text editor input fields (for user name and password), and a submit button (and probably some other stuff like a register button, a "Forgot my password link", a "Forgot my user name" link, etc.).
The form has an action associated with it. That action generates another GET request, with data from the input fields - something like "GET /?username=PaulS&password=nosyBastard". It is likely that the client will have been told to encrypt the password, rather than sending it as plain text.
The server, then, sees a DIFFERENT request for a page, and has additional information. The server uses that additional information to determine that the user is known, or not, and does a redirect to a different page. It may send a cookie to the client containing a token that all future GET requests should contain, so that the user name and password don't have to be sent (and checked) again with each request.
You will never get anywhere with having the Arduino serve up a page containing a login screen, and then serve up different pages to authorized users and non-authorized users, until you pay attention to what the client asked for in the GET request.