To prevent other clients, you could simply pass some type of hidden "client password" to the server.
So user submits login password, the client silently sends client password.
You end up with
Login
Password
ClientPassword
If the ClientPassword is not correct, don't allow the connection.