Password-protected login is dealt with on the server. You need to know what webserver software your host is running. Your first stop for info and advice on this subject should be your web hosting company.

If the host does not offer any services there is a trick
that simulates password validation. It requires using javascript.
(If you unfamiliar with javascript then this will be too
much to digest).
You first create a .js file that sets a var (say 'mypage')
equal to the entire html text that you wish to display
if the user's password is validated. That file must be present
on the server.

Then write javascript in your page that will detect a
url?parm or detect a cookie that has been set. The parm (or cookie)
will contain the
name of your .js file. Supposing this name is detected and
placed in the var 'jsString' then have your javascript code
write a line =
'<script type="text/javascript" language="JavaScript"
src="' + jsString + '"></script>'
Finally you code an <input type='password' name='mypass'> tag and a <input type='button'
onclick='someFunction(document.aform.mypass)'> in a <form>..<.form>
(you can fill in the details).

The idea is that the <form asks for 2 parms,
what you call 'di & 'password' the button
causes the two parms (id & password) (thru the function
you write) to generate a potential .js name.
This gets passed to the page again. And this time
the .js name is detected and the dynamic
<script line (above) causes an invocation of the .js file.
IF the 'id' & 'password' are what you intended, then the .js name
will be real and that file will be included. This sets the
'mypage' var. Lastly you have a method in the body which
will open up a new window and write the
contents of 'mypage' to that new window, thus simulating
the invocation of a 'validated' page.