Have you figured out yet that the password checking needs to be done on the servr side, and it is not the HTML that does it? Here is the flow:
2) Assuming for now that you just want to have people log in every time, then the user is presented with a login page.
3) The user fills in their info, hits submit, and the information is sent to the server.
4) On the server, some script gets the information. The script queries the database. If there is a user equal to the user in the form, then it compares the password from the database with the password the user submitted.
5) If the password and username match those found in the database, the user gets to see one page. If they are not the same, the user gets another page.
I don't know anything about ColdFusion, but I don't need to. The process is the same whether one is using .Asp, CGI scripts, Java, or PHP. Your form will call a .cfm file on the server. The .cfm file does the comparison and returns the HTML page.
Does that help at all? I have a post here
that explains the process using PHP. It is the same process, just with a different language.