in reply to Is this use of crypt() appropriate?

It looks like other people have already suggested alternatives to crypt, but if you are set on using crypt, here are two suggestions:

1. You should always send the user's entire encrypted password as the salt, not just the first two characters:
$password = crypt($INPUT{'password'},$encrypted_password);

2. If you are storing the passwords in MySQL, there might be an easier, non-Perl solution to authentication for you using the MySQL built-in function 'PASSWORD':

# Quote the user-supplied values before interpolating them into the SQL
my $user       = $dbh->quote( $INPUT{'user'} );
my $input_pass = $dbh->quote( $INPUT{'password'} );
my $sth = $dbh->prepare(
    "SELECT pass AS encrypted_password,
            PASSWORD( $input_pass , pass ) AS input_password
     FROM passwd_table
     WHERE user LIKE $user"
);
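
The first suggestion, as an added example that is not part of the original post: it checks the same password against a stored hash using the whole hash as the salt and using only its first two characters. The helper names, the sample password and the salts are constructed for illustration, and whether the `$6$` scheme is available depends on the platform's crypt(3).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constant-time comparison, so the check does not reveal how many
# leading characters of the hash matched.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Hand crypt() the whole stored hash: it extracts the scheme and the
# salt from it, whatever their length.
sub verify_full {
    my ($input, $stored) = @_;
    my $computed = crypt($input, $stored);
    return (defined $computed && ct_eq($computed, $stored)) ? 1 : 0;
}

# Only the first two characters as salt: enough for traditional DES
# hashes, but it truncates the salt of "$id$salt$hash" formats.
sub verify_two_char {
    my ($input, $stored) = @_;
    my $computed = crypt($input, substr($stored, 0, 2));
    return (defined $computed && ct_eq($computed, $stored)) ? 1 : 0;
}

# Constructed sample data: one password hashed under two salt styles.
my $password = 'correct horse';
for my $salt ('ab', '$6$Zx9kQ2mLp0aB$') {
    my $stored = crypt($password, $salt);
    if (!defined $stored || $stored =~ /^\*/) {
        print "salt '$salt': not supported by this platform's crypt()\n";
        next;
    }
    printf "salt %-18s full=%d two-char=%d wrong-password=%d\n",
        "'$salt'",
        verify_full($password, $stored),
        verify_two_char($password, $stored),
        verify_full('wrong guess', $stored);
}
```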