Samn has asked for the wisdom of the Perl Monks concerning the following question:

Re: Equality evaluation issue using DBI, MySQL
by lachoy (Parson) on Apr 11, 2002 at 03:11 UTC

    You're going to kick yourself: check out perldoc perlop and the difference between == and eq. (Hint: one is for strings, one is for other stuff.)

    Chris
    M-x auto-bs-mode

Re: Equality evaluation issue using DBI, MySQL
by dws (Chancellor) on Apr 11, 2002 at 03:14 UTC
    Your immediate problem is in this line:

        if ($form{pass} == $password) {

    The comparison operator you're using (==) is for numbers. You want 'eq', which compares strings. You'll also want to carefully check your error handling, to ensure that a content header gets printed when the password doesn't match.

    You have major problems on two other fronts. First, it is good practice to put

        use strict;

    at the top of your modules. This will keep you out of trouble on numerous fronts.

    Second, you're rolling your own CGI form parsing, which is Bad, Bad, Bad. Time invested learning the CGI module will pay dividends.

Re: Equality evaluation issue using DBI, MySQL
by andye (Curate) on Apr 11, 2002 at 10:15 UTC
    Hi Samn, a couple of suggestions:
    • Placeholders are easy to use and can save you grief. http://search.cpan.org/doc/TWEGNER/DBI-1.21-bin56Mac/blib/lib/DBI.pm#Placeholders_and_Bind_Values.
    • You might want to make your select case-insensitive (depending on your database, this is - afair - the default in MySQL. Worth checking out anyway.). Note that $form{pass} eq $password is case-sensitive, which may or may not be what you want. If it's not case-sensitive, then it's easier to crack, but if it is case-sensitive, then you'll get emails from users who don't understand the Caps Lock key.
    • Consider doing SELECT id FROM users WHERE username = ? AND password = ? Then if you get back an id, there's a match, and if not, not. ;)

    Hope that helps,
    andy.

Re: Equality evaluation issue using DBI, MySQL
by Zaxo (Archbishop) on Apr 11, 2002 at 03:22 UTC

    Your comparison should be made with 'eq' not '==', since you compare strings.

    There are other problems, some of which would be pointed out by use warnings; and use strict;. You use CGI;, but then try to parse form data by hand. The param() method will do that for you. You also don't construct $dbi by making a connection to the database. Finally, you can make MySQL do the password comparison for you, and never need to retrieve it.

    I assume that the extra Content-Type and print password(!) is for debugging.

    After Compline,
    Zaxo
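    Pulling the thread's advice together into one script, as an added example (not code posted by Samn or any of the monks): the table and column names follow andye's query, while the form field names, DSN and database credentials are assumed placeholders.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumes a table `users`
# with columns id, username, password (as in andye's query) and a
# CGI form with fields `user` and `pass` (field names are assumptions).
use strict;
use warnings;
use CGI;
use DBI;

# Why '==' is the wrong operator: both sides are numified, and a
# non-numeric string becomes 0, so two unrelated strings compare equal.
sub numeric_eq { no warnings 'numeric'; return $_[0] == $_[1] ? 1 : 0 }
sub string_eq  { return $_[0] eq $_[1] ? 1 : 0 }
# numeric_eq('secret', 'wrong') is 1 (the bug); string_eq('secret', 'wrong') is 0.

# Let MySQL do the comparison, with placeholders so the form values are
# bound as data and never interpolated into the SQL text.
sub login_ok {
    my ($dbh, $username, $password) = @_;
    my $sth = $dbh->prepare(
        'SELECT id FROM users WHERE username = ? AND password = ?'
    );
    $sth->execute($username, $password);
    my ($id) = $sth->fetchrow_array;   # undef when no row matched
    $sth->finish;
    return $id;
}

my $q    = CGI->new;                   # CGI parses the form for you
my $user = $q->param('user') // '';
my $pass = $q->param('pass') // '';

# $dbh is actually constructed here; DSN and credentials are placeholders.
my $dbh = DBI->connect('DBI:mysql:database=DBNAME;host=localhost',
    'DBUSER', 'DBPASS', { RaiseError => 1, PrintError => 0 });

print $q->header(-type => 'text/html'); # exactly one header, on every path
if (defined login_ok($dbh, $user, $pass)) {
    print "Login successful\n";
} else {
    print "Login failed\n";            # never echo the submitted password
}
$dbh->disconnect;
```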

by Samn (Monk) on Apr 11, 2002 at 03:19 UTC