Storing Usernames and Passwords

Obviously MySQL is the natural way to store usernames and passwords. But again, we don’t want to store the passwords as clear text, because our website could be compromised if the database were accessed by a hacker. Instead, we’ll use a neat trick called a one-way function.
This type of function is easy to use and converts a string of text into a seemingly random string. Due to their one-way nature, such functions are virtually impossible to reverse, so their output can be safely stored in a database—and anyone who steals it will be none the wiser as to the passwords used. The particular function we’ll use is called md5. You pass it a string to hash and it returns a 32-character hexadecimal number. Use it like this:

$token = md5('mypassword');

That example happens to give $token the value:
Also available is the similar sha1 function, which is considered to be more secure, as it has a better algorithm and also returns a 40-character hexadecimal number.
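An added example, not part of the original text, that goes one step beyond it: md5 and sha1 are fast and unsalted, so the same password always produces the same stored value, whereas PHP's built-in password_hash() and password_verify() use a random salt per password and a tunable cost. The sketch below compares the two and shows one way to upgrade md5 values already in the database when a user next logs in. The check_login() function, the $row array and the sample password are assumptions made for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example: check_login(), $row and the sample password are constructed
// for illustration and are not code from the original text.

// Unsalted md5 is deterministic: both calls return the same digest, so users
// who share a password share a stored value.
$legacyA = md5('mypassword');
$legacyB = md5('mypassword');
echo "md5 digests identical: ", var_export($legacyA === $legacyB, true), "\n";

// password_hash() generates a fresh random salt on every call, so the two
// strings differ even though the password is the same.
$modernA = password_hash('mypassword', PASSWORD_DEFAULT);
$modernB = password_hash('mypassword', PASSWORD_DEFAULT);
echo "password_hash outputs identical: ", var_export($modernA === $modernB, true), "\n";

/**
 * Verify a login against either a legacy md5 value or a password_hash() value.
 * Returns [bool $ok, string $hashToStore]; the caller writes $hashToStore back
 * to the user's row whenever it differs from what was stored.
 */
function check_login(string $password, string $stored): array
{
    // A legacy row holds exactly 32 lowercase hex characters.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return [false, $stored];
        }
        // Correct password: replace the md5 value with a salted hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, $stored];
    }
    // Re-hash if PHP's default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($password, PASSWORD_DEFAULT);
    }
    return [true, $stored];
}

// Constructed user row that still holds an md5 value.
$row = ['username' => 'alice', 'password' => md5('mypassword')];
[$ok, $newHash] = check_login('mypassword', $row['password']);
if ($ok && $newHash !== $row['password']) {
    $row['password'] = $newHash;  // in a real application: UPDATE the MySQL row
}
echo "login ok: ", var_export($ok, true), "\n";
echo "row upgraded: ", var_export(password_verify('mypassword', $row['password']), true), "\n";
```

The password column must be wide enough for the longer output; the PHP manual recommends 255 characters so that future default algorithms fit.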

