in reply to Re: Re: Simple for some.
in thread Compare two lists of words

Your description is still not very clear?

Why "Of course"?

You talk about $hit and $strike and then go on to use them as if they are arrays with if (/$hit[0]/ || /$strike[1]/) {?

You also fail to mention what $hit and $strike actually represent?

Making a lot of assumptions about what your code is trying to do:

Assuming one of these vars contains a userid, and the other the associated password, and that the code's intent is to check the password for the given userid, your method is fundamentally flawed.

You appear to be looping through an array and checking if either appears anywhere in the file!

This means that only one of the two has to be somewhere in the array and your $flag will be set true.

In other words, I would only have to guess any userid or any password to pass your test!! Not good.

Update: Example code withdrawn.

All of that said, you really need to think about the way you are implementing this as it is full of holes as far as a security mechanism is concerned.

I strongly urge you to read perlsec and find out about the -T switch.


What's this about a "crooked mitre"? I'm good at woodwork!

Re(4): Simple for some.
by Arien (Pilgrim) on Aug 18, 2002 at 15:29 UTC
    In other words, I would only have to guess any userid or any password to pass your test!! Not good.

    Your code doesn't improve on that. ;)

    — Arien

    Edit: Just to clarify, guessing any character anywhere will do. And let's not even talk about passing something like a dot in when not using quotemeta.
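
The flaw discussed in this thread, shown next to a stricter check, as an added example that is not code from either poster. The "userid:password" line format, the sample records and the names `flawed_check` and `strict_check` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records ("userid:password"), not taken from the thread.
# Plaintext passwords are used only to keep the sample short.
my @lines = ('alice:s3cret', 'bob:hunter2');

# The check as described in the thread: unanchored regex matches joined
# with ||, with the input interpolated into the pattern unescaped.
sub flawed_check {
    my ($user, $pass) = @_;
    for (@lines) {
        return 1 if /$user/ || /$pass/;
    }
    return 0;
}

# Stricter check: split each record and require BOTH fields to be
# string-equal (eq, no regex) on the SAME line.
sub strict_check {
    my ($user, $pass) = @_;
    for my $line (@lines) {
        my ($u, $p) = split /:/, $line, 2;
        return 1 if $u eq $user && $p eq $pass;
    }
    return 0;
}

my @tests = (
    ['alice', 's3cret'],   # correct pair
    ['alice', 'wrong'],    # right userid, wrong password
    ['zz',    'e'],        # one character that occurs somewhere in a line
    ['.',     'nope'],     # regex metacharacter, no quotemeta applied
    ['bob',   's3cret'],   # userid and password from different records
);

for my $t (@tests) {
    my ($u, $p) = @$t;
    printf "%-6s %-7s flawed=%d strict=%d\n",
        $u, $p, flawed_check($u, $p), strict_check($u, $p);
}
```

Every row reports flawed=1, while strict=1 appears only for the first row.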