in reply to Param not working correctly

A couple of things:

  • Use Strict.
  • Your CGI does not actually protect anything; users can bypass the auth.
  • The site that you redirect to needs to be fixed. You generate a filename based on the input of the date; a savvy user can push their own date param and write files at the location of their choice (see example output of ///../ in the date field below, although more complex paths can be entered).
  • Also you need to change the error output of your web server to hide details such as this:
    Software error: Cannot Open File /usr/local/httpd/virtuals/elghome/ips/www.elgin.lib.il.us/bob/.txt for writing: Permission denied at /usr/local/httpd/virtuals/elghome/www.elginarea.org/cgi-bin/bobweb.pl line 116.
    For help, please send mail to the webmaster (elghome@nsn1.northstarnet.org), giving this error message and the time and date of the error.


    -Waswas
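
One way to close the two holes described in the reply above, as an added example that is not part of the original post or the poster's script: the date parameter is checked against an allow-list pattern before it becomes a filename, and open failures are logged server-side while the browser gets a generic message. The directory, the YYYY-MM-DD format and the function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Assumed layout: one file per day under a fixed directory (hypothetical path).
my $BASE_DIR = '/var/data/reports';

# Return the file path for a date parameter, or nothing if the value is
# not a plain calendar date. Only the validated digits reach the path.
sub report_path_for {
    my ($date) = @_;
    return unless defined $date;
    # \A and \z anchor the whole string, so a trailing newline or any
    # extra path component makes the match fail.
    my ($y, $m, $d) = $date =~ /\A([0-9]{4})-([0-9]{2})-([0-9]{2})\z/
        or return;
    return if $m < 1 || $m > 12 || $d < 1 || $d > 31;
    return File::Spec->catfile($BASE_DIR, "$y-$m-$d.txt");
}

# Open the day's file for appending. Returns (filehandle, undef) on success
# or (undef, message) on failure; the message is safe to show to the user.
sub open_report {
    my ($date) = @_;
    my $path = report_path_for($date)
        or return (undef, 'Invalid date.');
    open(my $fh, '>>', $path) or do {
        # Path and OS error go to STDERR, which a CGI server normally
        # writes to its error log, not to the browser.
        warn "cannot open $path: $!";
        return (undef, 'Unable to save your request.');
    };
    return ($fh, undef);
}

# Constructed sample inputs, including the value quoted in the post.
for my $input ('2003-08-14', '///../', '2003-08-14/../../x', "2003-08-14\n") {
    my $path = report_path_for($input);
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-22s => %s\n", "'$shown'", defined $path ? $path : 'rejected';
}
```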