Depending on your UNIX flavor, you might have the Pluggable Authentication Module available. If you do, this is incredibly simple using Authen::SimplePam:

use Authen::SimplePam;
my $auth = Authen::SimplePam->new();

my $result = $auth->auth_user($username, $password, 'login');
if ( $result == 1 ) {
  print 'User logged in OK!'
}
else {
  print 'Login failed: ',$auth->result2string($result);
}
[download]

If you are doing this without the benefit of PAM, it could be trickier.

As for security issues, what you really want to do is not send things over clear text -- this means FTP is a poor choice. Try SSH or another secure protocol. Also, your approach of logging in once and then allowing access based on the result code is probably not the best. With something like PAM available, it would be best to actually authenticate each operation that needs privileges.

Unfortunately, that's all the more specific I can be with such a vague question.