Passwords are indisputably one of the most sensitive data types to deal with for web developers, especially back end developers who are in charge of PHP and MySQL. Storing passwords is not tricky considering you are just required to do a one-way conversion of them:
$password = 'ilovjenny84';
$salt = 'SHAKY SHARKY 333'; // whatever string
$password_hash = sha1($salt.sha1($password.$salt));
// $password_hash = 4c3c8cbb4aa5de1c3ad9521501c6529506c6e5b4
At user sign-in, you just need to hash the entered password in exactly the same way, with the identical $salt you used when storing the password, and compare the result with the stored hash string.
Mathematically speaking, with the same attempted password and a consistent salt, the generated hash string will be exactly the same as the one stored in the database. Given the nature of the SHA1 algorithm, you can rest assured that the attempted password is exactly the same as the password whose hash string is stored.
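The sign-in comparison described above, as an added example that is not code from the original article: it checks an attempt against the article's salted SHA1 hash in constant time and, on success, re-hashes the password with PHP's built-in password_hash(). That function uses a random salt per password and a deliberately slow algorithm, whereas SHA1 is fast to brute-force and a single shared salt gives identical passwords identical hashes. The function names legacy_hash and verify_and_upgrade are hypothetical, and the sample values are constructed from the article's snippet.

```php
<?php
// Added example, not from the original article. Function names are
// hypothetical; the PHP built-ins they call are real.

// The article's scheme: one fixed salt shared by every user, nested SHA-1.
function legacy_hash(string $password, string $salt): string
{
    return sha1($salt . sha1($password . $salt));
}

// Checks a sign-in attempt against a stored value that is either a legacy
// SHA-1 hash (40 hex characters) or a password_hash() string.
// Returns [bool $ok, ?string $replacement]; when $replacement is not null
// the caller should write it back to the user's row.
function verify_and_upgrade(string $attempt, string $stored, string $salt): array
{
    if (preg_match('/\A[0-9a-f]{40}\z/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, legacy_hash($attempt, $salt))) {
            return [false, null];
        }
        // Correct password: re-hash with a per-password random salt and a
        // deliberately slow algorithm (bcrypt by default).
        return [true, password_hash($attempt, PASSWORD_DEFAULT)];
    }
    if (!password_verify($attempt, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($attempt, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample data using the article's password and salt.
$salt   = 'SHAKY SHARKY 333';
$stored = legacy_hash('ilovjenny84', $salt);

[$ok, $upgraded] = verify_and_upgrade('ilovjenny85', $stored, $salt);
var_dump($ok, $upgraded);

[$ok, $upgraded] = verify_and_upgrade('ilovjenny84', $stored, $salt);
var_dump($ok, $upgraded !== $stored);

// The upgraded value now verifies through the password_hash() branch.
[$ok, $again] = verify_and_upgrade('ilovjenny84', $upgraded, $salt);
var_dump($ok, $again);
```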