[eluser]echoDreamz[/eluser]
[quote author="WanWizard" date="1286150596"]For ExiteCMS I even do double hashing:
Code:
// generate a random salt for this password
users->salt = md5(microtime(TRUE));
// create the new password hash
$users->password = md5(md5(set_value('newpassword')).$users->salt);
[/quote]
Do you store the salt somewhere? How do you compare the stored password against the one currently entered? since microtime() changes, the generated MD5 hash would never been the same even with the correct password.