The included CGI may require modifications to work properly on your
system. Recommended installation is on an SSL webserver which is *not*
accessible by users (ie, users cannot place files into SSL webspace,
and the SSL server does not run user CGIs). The SSL server process
should run as its own user/group which is not shared by any other
process. The helper applications should *only* be accessible by the
SSL process' group, as one of them requires being run suid as the
spasm user, and the other requires being run suid root. The CGI is
currently set up for a system running PAM authentication with the
databases accessible locally; unless your system fits this
description, you WILL need to modify the CGI.

What needs to be modified?

verifyLogin() is where username/password pairs are authenticated.

Everything else just needs to be perused and modified to taste.

Finally, if you don't understand what the CGI or the helper apps are
doing, how they work, or how to secure them, DO NOT USE THEM! If you
are unable to make the necessary modifications for your system, find
someone who can!