I am in the process of resecuring my registration on my website and want to ask if my password hashing is correct. Or if there is any better more secure way I can do it. I read somewhere that the salt can be written to the database on a per user basis.
This is my security so far:
$salt = sha1(md5($activecode).$username);
$username = mysql_real_escape_string($_POST['username']);
$activecode = mysql_real_escape_string(time());
$pass1 = sha1(md5($_POST['pass1'].$salt));
$pass2 = sha1(md5($_POST['pass2'].$salt));