You might look at How do I modify the shadow password file on a Unix system?.

Think long and hard before you let users change their passwords through a CGI script. Generally, that would be a REALLY bad idea.

If your system uses PAM, you might be able to use Authen::PAM.