reneethistle
New Member
I am in the process of resecuring my registration on my website and want to ask if my password hashing is correct. Or if there is any better more secure way I can do it. I read somewhere that the salt can be written to the database on a per user basis.This is my security so far:\[code\]$salt = sha1(md5($activecode).$username);$username = mysql_real_escape_string($_POST['username']);$activecode = mysql_real_escape_string(time());$pass1 = sha1(md5($_POST['pass1'].$salt));$pass2 = sha1(md5($_POST['pass2'].$salt));\[/code\]