For requirement (2) you can get the submitted password user name from $ENV{REMOTE_USER}. Presumably if he got this far then this user is properly logged on, so you'd just check whether this particular user has delete rights. Or if you want him to submit his authentication a second time for security, you can get him to do that into a CGI form and then check validity using Apache::Htpasswd.

edit 26/9/02 spartacus9 is quite right, and tactful to call it a 'minor' point - it is of course the user name you get and not the password - my bad.§ George Sherston