#check for bad characters
if($FORM{'path'} =~ m/\0|\r|\n/ig){ die "illegal characters"; }

#check for .htaccess file in /home/user/accounts/$FORM{path}
$htaccess = "/home/user/accounts/$FORM{user}/.htaccess";

if(-e $htaccess){ 
	#read .htaccess
	open(HTACCESS, "<", $htaccess) or 
	  die "could not open .htaccess file";
	@lines = <HTACCESS>;
	close(HTACCESS);

	#get username and password
	($correctuser,$correctpassword) = split(/:/,$lines[0]);

	#check if they are right, give access
	if($FORM{'user'} eq $correctuser && 
	   $FORM{'pass'} eq $correctpassword){
		print "access granted";
		access();
	}
	else{   print "access denied"; }
}
#if the .htaccess does not exist then create a new account.
else{
	#makes the directory       
	#error unless the directory already exists 
	#if it exists than the script thinks it's just missing .htaccess
	mkdir($FORM{'user'},0755) or 
	die "error accessing user directory" unless (-d $FORM{user});

	#create .htaccess file and print username:password  
	#this should be encrypted but it is just an example.
	$accessfile = $FORM{'user'} . "/.htaccess";
	open(USERACCESS, ">", $useraccess) or 
	  die "could not create user file";
	print USERACCESS "$username:$password";
	close(USERACCESS);
}