Hi,
I would just like your feedback on something.
Basically I have a value called $uniqueID which is = ID + First Letter of First Name + First Letter of Last Name + The String "CAN"
I have then turned $uniqueID into a salt value as followed $salt = sha1($uniqueID);
I have then turned the user's password into a hash value using md5().
I have then stored these two values seperatley in a database using the correct data types.
I was just wondering if this would be a secure way to secure two types of user validation ? The password validation would be done by the user and the $uniqueID would be done via a script.
I won't be offering a service to remind you of your password you will have to create a brand new one.
I have also implmented some secuirty for the sessions.