Hi Phweda,

I would suggest not calling an external program at all. Digest::MD5 has been in the Perl core since v5.8.

use Digest::MD5 qw/md5_hex/;
print md5_hex("123456"), "\n";
__END__
e10adc3949ba59abbe56e057f20f883e
[download]

(Update: Corion was a bit quicker than me ;-) )

Unfortunately, your code appears to have multiple security holes. As unpleasant as it might be to hear, such holes are nowadays considered quite serious. If this CGI script is public-facing, or anyone untrusted is using it, I have to recommend against using this script.

1. You're calling an external command with apparently unchecked user input ("open( CLIMD, "/usr/bin/md5sum --string=\"$newhashpassword\" |");"). I wrote about that, and ways to avoid it, here (although in this case the solution is even simpler, not call an external program at all).
2. SQL injection (e.g. "$dbh->prepare("SELECT ... WHERE ... email = '$FORM{EMAIL}'");"). You can read about that here; use DBI's placeholder feature instead.
3. Your code seems to be vulnerable to a Cross-site scripting (XSS) attack, see also this. (Update: You could use CGI's escapeHTML() function.)

I am also wondering about what sub ParseForm looks like. It's possible that some verification of the input might be done there that reduces the risk of the above, but until that is clear, it's better to err on the side of caution.

In regards to your question here: F447B20A7FCBF53A5D5BE013EA0B15AF is the MD5 sum of the string "123456\n".

Hope this helps,
-- Hauke D