I'm a little confused - I'm not quite sure that your code snippet matches your question, but if I understand you correctly, you want to protect your website with a password, but not use an htaccess file.

It seems to me that the easiest way would be to use CGI::Session, and create a "logged-in" session value. This way, nothing is stored on the client other than a link from the cookie to the session variable.

An example of how to do this is in the CGI::Session::Cookbook

An aside - your code uses the crypt function. This does not create the md5 hash mentioned in the question title. To create an MD5 hash use something like Digest::MD5