use strict;
use warnings;
use DBI;
use CGI;
use CGI::Carp qw(fatalsToBrowser);

my $cgi      = CGI->new();
my $username = $cgi->param('username');
my $password = $cgi->param('password');
my $id       = get_uid($username, $password);
my $welcome  = 'http://localhost/cgi-bin/welcome.pl';
my $login    = 'http://localhost/cgi-bin/login.pl';

if ($id) {
    my $cookie = $cgi->cookie(-name => 'login', -value => $username);
    print $cgi->redirect(-location => $welcome, -cookie => $cookie);
}
else {
    print $cgi->redirect($login);
}

exit;

sub get_uid {
    my $username = shift;
    my $password = shift;
    my $db       = 'datab';
    my $usr      = 'root';
    my $pwd      = '';
    my $host     = 'localhost';

    my $dbh = DBI->connect("DBI:mysql:$db:$host", $usr, $pwd,
                           {AutoCommit => 0, RaiseError => 1})
            or die $DBI::errstr;

    my $sth = $dbh->prepare("SELECT id
                            FROM mysql_auth
                            WHERE username = ? AND password = ?");

    $sth->execute($username, $password);
    my ($id) = $sth->fetchrow_array;
    $sth->finish();

    return $id;
}

##</code><code>##

use strict;
use warnings;
use DBI;
use CGI;
use CGI::Carp qw(fatalsToBrowser);

my $cgi   = CGI->new(); 
my $sid   = $cgi->cookie('login');
my $login = 'http://localhost/cgi-bin/login.pl';

if ( ! $sid ){ # exit and return to login.pl! we have no cookies 
    print $cgi->redirect($login);
}

#start using the page! we have cookies
print $cgi->header();

# etc