Is this code secure enough

[eluser]veledrom[/eluser]
Hi,

I use code below to authenticate user login. I have questions though.

Thanks in advance

1. Is it good and/or secure approach?
2. How can I make it harder to break into?
3. Should I store any other dynamic or static data in database to make it more secure?


<b>DATABASE</b>

Code:

CREATE TABLE `users` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(20) NOT NULL,
  `password` varchar(40) NOT NULL COMMENT 'SHA1 encrypted password',
  PRIMARY KEY (`id`)
);

<b>CONFIG.PHP</b>

Code:

$config['encryption_key'] = "A1.b2,C3?D4_E5?";

<b>LOGIN PAGE</b>

Code:

<form action="http://localhost/index.php/loginout/do_login" method="post">
Username : <input type="text" name="text_username" value="" />
<br />
Password : &lt;input type="password" name="text_password" value="" /&gt;
<br />
&lt;input type="submit" name="submit_button" value="Login" /&gt;
&lt;/form&gt;

<b>CONTROLLER</b>

Code:

class Loginout extends CI_Controller {

public function __construct()
{
  parent::__construct();
}

public function hash_password($password)
{
  $salt  = $this->config->item('encryption_key');
  $hash  = sha1($salt . $password . $salt);
}

public function do_login()
{
  $username = $this->input->post('text_username', true);
  $password = $this->input->post('text_password', true);
  
  $this->db->where('username', $username);
  $this->db->where('password', this->hash_password($password));

  $query = $this->db->get('users', 1);  
  
  echo ($query->num_rows() == 1) ? 'SUCCESS' : 'FAIL';
}
}