USALUG, thanks for your suggestion, I will have to look if my host offers https option for me and how much it costs.
Williamc, good suggestion. I read somewhere that HTTP authentication is the most secure authentication method there is. The problem with HTTP authentication is that I do not want users to be thrown an HTTP Auth password screen, nor do I want them to be redirected to a separate “members” area. I would like to have the login and password fields on the main page of the site, in the same way as it is done here at webproworld (the top-right “username” and “password” boxes). I reckon that if I strive for maximum usability to attract repeat users (and I should, according to the numerous postings on this forum), a user should have access to all frequently-used features of the site on the main page.
Xcalabers, I found another hashing method in PHP through the md5() function. Which one is better, MySQL's password() or PHP's md5()?
So now, this is what I am going to do (please critique or comment on the below steps, your input is very valued):
1. Limit the maxlength value of the input boxes to, say, 15 letters (thank you, nelsonez).
2. Use addslashes() on the variables to prevent MySQL injection. Will have to make sure that magic_quotes is turned off in the PHP directive on my host (thank you, smo).
3. Encrypt the password through md5() and check it against the encrypted passwords stored in the database. I think this is useful because even if someone gets access to the user table, he will not know the initial password, only its encrypted value.
4. Register a session variable, i.e. $_SESSION['valid_user'], and redirect the user to the members area.
Z01d
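The four steps above as a working login check, added here as an example and not the poster's code: it keeps the 15-character limit and the $_SESSION['valid_user'] flag, but uses bound parameters instead of addslashes() and password_hash()/password_verify() instead of md5(). It assumes PHP with PDO and the SQLite driver, and builds a constructed in-memory users table so it runs offline.

```php
<?php
// Added example, not from the original post. Steps 1-4 of the login plan,
// with a bound parameter in place of addslashes() and a salted
// password_hash() in place of md5(). The users table is constructed here.
declare(strict_types=1);

function setupDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');
    // Constructed sample account. password_hash() salts every hash, so two
    // users with the same password still get different stored values.
    $ins = $db->prepare('INSERT INTO users (username, pwhash) VALUES (:u, :h)');
    $ins->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Step 1, enforced server-side: the browser's maxlength is advisory only,
// so the same limit has to be checked again here.
function validUsername(string $u): bool {
    return strlen($u) >= 1 && strlen($u) <= 15;
}

// Steps 2 and 3: the bound parameter keeps the username out of the SQL
// text, so no escaping (addslashes or magic_quotes) is involved at all.
// password_verify() checks the password against the salted hash.
function checkLogin(PDO $db, string $username, string $password): bool {
    if (!validUsername($username)) {
        return false;
    }
    $stmt = $db->prepare('SELECT pwhash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // unknown user
    }
    return password_verify($password, $row['pwhash']);
}

// Step 4: mark the session as logged in. Regenerating the session id at
// login means an id handed to the browser before login cannot be reused.
function startLoggedInSession(string $username): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['valid_user'] = $username;
}

$db = setupDemoDb();
var_dump(checkLogin($db, 'alice', 'correct horse'));
var_dump(checkLogin($db, 'alice', 'wrong'));
var_dump(checkLogin($db, "a' OR '1'='1", 'anything'));
```

The third call shows why the bound parameter matters: the quote in the username is sent as data, so the query simply finds no such user.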