You'd handle the parameters the same way you would if the cgi script generated the html, using CGI's param method. There is a whole lot more to consider here, especially security - password will be passed in plain text. You may want to look at Ovid's cgi course before you get started.

That said, assume the form is defined like so:

<form action="cgi-bin/testcgi.cgi" method="post">
    <input type="text"     name="user">
    <input type="password" name="password">
    <input type="submit">
</form>
[download]

Look at this cgi script:

#!/usr/bin/perl -T

use warnings;
use strict;
use CGI;

my $q = CGI->new();
print $q->header, $q->start_html;

# find and display all parameters
print "$_: " . $q->param($_) . "<br>" for $q->param;
print $q->end_html;
[download]

$q->param in list context returns a list of each parameter, and $q->param('some_param') returns the value.