Not sure about your problem, I use Apache::AuthDBI for my basic authentication, didn't have any problem with it. If you want to only allow paid users, you can certainly put it in the "where" class in the SQL statement (for AuthDBI, it is Auth_DBI_pwd_whereclass). I'm not sure whether you can change the message dynamiclly in Basic Authentication.