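# Credential check with first-use registration for a per-user directory.
# If /home/cjf/accounts/<user>/.htaccess exists, the submitted user/pass pair
# is compared with the "user:pass" record on its first line; otherwise the
# user's directory is created and the submitted pair is stored as the record.

# Hard-coded test values. In the deployed script %FORM presumably comes from
# the request and must be treated as untrusted -- TODO confirm.
$FORM{'user'} = "cjf";
$FORM{'pass'} = "1234";

# $FORM{'user'} is interpolated into filesystem paths below, so it must not be
# able to change which directory is addressed: reject path separators, the
# "." and ".." names, and NUL/CR/LF. ":" is the field separator of the stored
# record and is rejected for the same reason. This is what the previously
# disabled "illegal characters" check was guarding against.
# Tighten this to an allow-list if the site's user-name policy permits it.
if (   !defined $FORM{'user'}
    || $FORM{'user'} eq ''
    || $FORM{'user'} =~ m{[/\\:\0\r\n]}
    || $FORM{'user'} =~ m{\A\.\.?\z} )
{
    die "illegal characters";
}

# The record is a single line, so a password containing a line break (or NUL)
# could never be stored and read back intact.
if ( !defined $FORM{'pass'} || $FORM{'pass'} =~ m{[\0\r\n]} ) {
    die "illegal characters";
}

# Per-user credential file.
# NOTE(review): despite its name this file holds a user:password record, not
# Apache directives. If the directory is served by Apache with overrides
# enabled, a file named .htaccess is parsed as configuration -- confirm the
# directory is outside the document root, or rename the file.
$htaccess = "/home/cjf/accounts/$FORM{'user'}/.htaccess";

if ( -e $htaccess ) {
    open( my $in, "<", $htaccess ) or die "could not open .htaccess file";
    chomp( @lines = <$in> );
    close($in);

    # Limit 2: only the first ":" separates the fields, so a password that
    # itself contains ":" is compared in full instead of being cut short.
    # An empty file yields no fields at all.
    ( $correctuser, $correctpassword ) =
        defined $lines[0] ? split( /:/, $lines[0], 2 ) : ();

    # Fail closed on a malformed record: both fields must be present before
    # the comparison can succeed.
    if (   defined $correctuser
        && defined $correctpassword
        && $FORM{'user'} eq $correctuser
        && $FORM{'pass'} eq $correctpassword )
    {
        print "access granted";
        access();
    }
    else {
        print "access denied";
    }
}
else {
    # No record yet: whoever submits this user name first sets its password.

    # NOTE(review): the record is read from /home/cjf/accounts/<user>/ but is
    # written relative to the current working directory. The two only refer
    # to the same file when the script runs with cwd = /home/cjf/accounts --
    # confirm, or build both paths from one base directory.
    #
    # NOTE(review): mode 0755 on the directory, plus whatever the umask leaves
    # on the new file (typically world-readable), lets other local accounts
    # read the record -- confirm this is intended.
    unless ( -d $FORM{'user'} ) {
        mkdir( $FORM{'user'}, 0755 ) or die "error accessing user directory";
    }
    $accessfile = $FORM{'user'} . "/.htaccess";

    # NOTE(review): the password is stored and later compared as plaintext.
    # Storing a salted hash would be the safer design, but it changes the
    # on-disk format that existing records already use.
    open( my $out, ">", $accessfile ) or die "could not create user file";
    print {$out} "$FORM{'user'}:$FORM{'pass'}"
        or die "could not write user file";

    # Buffered write errors surface at close, so check it on the write handle.
    close($out) or die "could not write user file";
}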