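# Fetch the digest stored for this login from PostgreSQL.
# $saved_pass is undef when no row matches the login name.
#-------------------------------
my $saved_pass = ExternalFunctions::get_word( $dbh, $login_name );
# Hash the password given at login time.
# The same function is used at registration time to create the stored value.
# NOTE(review): the HMAC key is a short literal shared by every account, so
# equal passwords produce equal stored digests. A per-user salt with a slow
# password hash (bcrypt, scrypt, Argon2, PBKDF2) is the usual choice for
# password storage; existing stored values would need migrating.
#-------------------------------
my $key = 'KE';
my $eword = ExternalFunctions::create_encrypted( $word, $key );
# Compare the strings.
# Assign the value of the ternary; do not put the assignments inside its
# branches. ?: binds tighter than =, so
#     cond ? $passwd_check = "good" : $passwd_check = "fail";
# parses as
#     ( cond ? ( $passwd_check = "good" ) : $passwd_check ) = "fail";
# and yields "fail" on every path, even when both digests are identical.
# The defined() guard treats an unknown login as a failure without an
# "uninitialized value" warning.
# NOTE(review): eq is not a constant-time comparison.
#-------------------------------
my $passwd_check
    = ( defined $saved_pass && $saved_pass eq $eword ) ? "good" : "fail";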
####
saved_pass is: [bd0e9f94ce671b3cdd13081fa5a8b32f9ccd9ebf] ..
eword is: [bd0e9f94ce671b3cdd13081fa5a8b32f9ccd9ebf] ..
####
#!/usr/bin/perl
use strict;
use warnings;
package ExternalFunctions;
# create_encrypted( $given, $key )
#
# Returns the HMAC-SHA1 of $given, keyed with $key, as a hex string passed
# through quotemeta(). Hex digits are all word characters, so quotemeta()
# leaves the digest unchanged.
#
# NOTE(review): callers use this for password storage. HMAC-SHA1 is fast to
# compute, and no per-user salt is applied here.
sub create_encrypted
{
    use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
    my $plaintext = shift;
    my $secret    = shift;
    return quotemeta( hmac_sha1_hex( $plaintext, $secret ) );
}
# get_word( $dbh, $login_name )
#
# Looks up the stored password digest for $login_name in the residents
# table and returns the first column of the first row fetched. Returns
# undef when no row is fetched.
#
# The login name is passed as a bind value to the ? placeholder and is
# never interpolated into the SQL text.
sub get_word
{
    my $dbh        = shift;
    my $login_name = shift;

    my $sth = $dbh->prepare(
        qq{ SELECT word FROM residents WHERE login_name = ? } );
    $sth->execute( $login_name );

    # Only the first row is read; release the handle before returning.
    my @row = $sth->fetchrow_array;
    $sth->finish();

    return $row[0];
}
1;
####
apache 1333 on freebsd
mod_perl built with perl 5.8.5
firefox
Postgresql
CGI qw('standard')
CGI::Carp qw(fatalsToBrowser)
CGI::Session
CGI::Cookie
HTML::Template
DBI
Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex)