sub authenticate {
        my ($cgi, $dbh, $session) = @_;

        my $login = $cgi->param("login")    or return;
        my $psswd = $cgi->param("password") or return;

        my $profile = $dbh->selectrow_hashref(qq|
            SELECT * FROM profile WHERE login=? AND 			  psswd=PASSWORD(?)|, undef, $login, $psswd);

        # logged in successfully!
        if ( $profile ) {
            $session->param(MEMBER_PROFILE => $profile,
                            logged_in      => 1);
            $session->clear( ["login_failures"] );
            return $profile;
        }

        # if login failed, increment the counter:
        my $i = $session->param( "login_failures" ) || 0;
        $session->param( login_failures => ++$i );
        $session->clear( ["logged_in"] );
        return;
    }

Example 3: The authenticate() function.