sub do_auth_check
{
  # get self object and CGI query object
  my $self = shift;
  my $q = $self->query();
  
  # get user info from cookies
  my($uname,$pwd) = ( $q->cookie('username'), $q->cookie('password') );
  warn($uname.':'.$pwd); # DEBUG use only
  
  # build command
  my $com = 'env QUERY_STRING=username='.$uname.'\;password='.$pwd.' /usr/bin/custom_auth_tool';
  warn('running command "'.$com.'"'); # DEBUG use only
  
  # run command through a pipe
  open(WEBOS,"$com|");
  $com = join('', <WEBOS>);
  close(WEBOS);
  
  # remove newlines (should also take care of tainting, IIRC)
  $com =~ s/\x0D?\x0A//g;
  
  warn('ran command "'.$com.'"'); # DEBUG use only
  return $com;
}