Using Android phone as wifi web server

Wifi hotspots would usually use IPTables to redirect port 80/443 traffic to a local web server.

I have run squid on linux machines in the past on port 3128, then sent all port 80/443 traffic to squid. Then I used squid redirect any url that I didnt explicitly allow to a local web server.

IPTables is accessible on rooted android devices only though.

And I doubt there are many proxy servers available on android, so you would have to send HTTP traffic to a proxy server over the network connection.

Like has been said, you'll need IPTables, but you'll also need a proxy server, like Squid.

Google "transparent proxy with squid", or check here:
Linux: Setup a transparent proxy with Squid in three easy steps

you do not need to have a proxy, you just need a full LAMP stack on your device and IPtables, you can mark all packets that have not been authenticated to forward through to your local page, then using php change the rule for that IP address once the address has authenticated, you could do the same for mac addresses if you wish, you would then also need a daemon that periodically reset each exception