my $sth = $db->prepare( q{SELECT userid, password from user where userid = ?} ) or die $dbh->errstr;
$sth->execute($username) or die $dbh->errstr;
my ($uid, $pass) = $sth->fetchrow_array;
if ($pass ne $hashPassword) {
  error();
}