Your comparison should be made with 'eq' not '==', since you compare strings.

There are other problems, some of which would be pointed out by use warnings; and use strict;. You use CGI;, but then try to parse form data by hand. The param() method will do that for you. You also don't construct $dbi by making a connection to the database. Finally, you can make MySQL do the password comparison for you, and never need to retrieve it.

I assume that the extra Content-Type and print password(!) is for debugging.

After Compline,
Zaxo