I am not sure if it's just me, but I'd be frightened if I knew my username and password were recorded in nothing more than a user=pass text file. It doesn't even sound like the user is encrypting this information. Instead of reading from and writing to a file, wouldn't it be easier if the user used a flat file database like SDBM or DB_File? It would make it a lot easier to sort by username or password or even search for them by one or the other; not to mention make it a million times easier to change a user=pass by updating the $user{'newpass'];.

I could be wrong, but this was my first thoughts when reading what the original poster asked and wondering why none of the rest of you have mentioned this.

"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

sulfericacid