I'm planning a project that i want to implement it using php and MySQL, i have been searching the net for the best way to do this, i was just wondering if this would be safe:
The user enters the Username and Password.
the user name is hashed using sha1
and the password is hashed with a salt added
if entered correctly they should be equal to what is stored on the database
so if the number of rows returned is equal to '1'
create a couple of session variables
1. password - the hashed password
2. username - the hashed username
and on every page that needs to be protected have a check using the session variables and only allow if the number of rows is = '1' otherwise redirect and exit
would this be a safe technique or can someone spot how this can be exploited
sorry if the example is long winded
any help would be great.
