Hi Samn, a couple of suggestions:
- Placeholders are easy to use and can save you grief. http://search.cpan.org/doc/TWEGNER/DBI-1.21-bin56Mac/blib/lib/DBI.pm#Placeholders_and_Bind_Values.
- You might want to make your select case-insensitive (depending on your database; this is, AFAIR, the default in MySQL. Worth checking out anyway.). Note that $form{pass} eq $password is case-sensitive, which may or may not be what you want. If it's not case-sensitive, then it's easier to crack, but if it is case-sensitive, then you'll get emails from users who don't understand the Caps Lock key.
- Consider doing SELECT id FROM users WHERE username = ? AND password = ? Then if you get back an id, there's a match, and if not, not. ;)
Hope that helps,
andy.
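The three suggestions above, put together as an added example (not code from Samn's script or from andy's reply). It assumes DBD::SQLite is installed and uses an in-memory database with a constructed users table in place of whatever Samn's script connects to; the user and row names are made up. It shows the interpolated query that a quote in the form input can break out of, the placeholder version of the SELECT id ... WHERE username = ? AND password = ? check, and an explicit collation on the username so the case handling does not depend on the database default (SQLite compares case-sensitively by default, unlike MySQL's default collation).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumed: DBD::SQLite is available. The in-memory database and the single
# user row are constructed here so the script runs offline.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 } );

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$dbh->do( 'INSERT INTO users (username, password) VALUES (?, ?)',
    undef, 'samn', 'Secret1' );

# The pattern to avoid: form input interpolated straight into the SQL text.
# A username such as  x' OR '1'='1  turns the WHERE clause into one that is
# true for every row, so the lookup "succeeds" without a valid password.
sub login_interpolated {
    my ( $user, $pass ) = @_;
    my $sql = "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
    my ($id) = $dbh->selectrow_array($sql);
    return $id;    # id on a match, undef otherwise
}

# Placeholders: the values are bound separately from the statement text, so
# quotes or SQL keywords in the input cannot change the query's structure.
# Getting an id back means a match; undef means no match.
sub login_placeholders {
    my ( $user, $pass ) = @_;
    my $sth = $dbh->prepare(
        'SELECT id FROM users WHERE username = ? AND password = ?');
    $sth->execute( $user, $pass );
    my ($id) = $sth->fetchrow_array;
    $sth->finish;
    return $id;
}

# Case handling made explicit: match the username case-insensitively with
# an explicit collation instead of relying on the database default, while
# the password comparison stays case-sensitive. (COLLATE NOCASE is SQLite
# syntax; MySQL would use a collation such as utf8mb4_general_ci.)
sub login_ci_username {
    my ( $user, $pass ) = @_;
    my $sth = $dbh->prepare(
        'SELECT id FROM users WHERE username COLLATE NOCASE = ? AND password = ?');
    $sth->execute( $user, $pass );
    my ($id) = $sth->fetchrow_array;
    $sth->finish;
    return $id;
}

sub show {
    my ( $label, $id ) = @_;
    printf "%-40s %s\n", $label, defined $id ? "match (id $id)" : 'no match';
}

my $injection = "x' OR '1'='1";

show( 'interpolated, injected input',     login_interpolated( $injection, $injection ) );
show( 'placeholders, injected input',     login_placeholders( $injection, $injection ) );
show( 'placeholders, correct credentials', login_placeholders( 'samn', 'Secret1' ) );
show( 'placeholders, SAMN (default case)', login_placeholders( 'SAMN', 'Secret1' ) );
show( 'NOCASE username, SAMN',             login_ci_username( 'SAMN', 'Secret1' ) );
show( 'NOCASE username, wrong-case pass',  login_ci_username( 'SAMN', 'secret1' ) );

$dbh->disconnect;
```

Run it as-is; the first line reports a match for the injected input against the interpolated query, while the placeholder version reports no match for the same input and only matches the real credentials. The last two lines show the username matching regardless of case under the explicit collation while the password comparison still rejects a case mismatch, which is the trade-off andy describes.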