Thursday, January 21, 2010

Dinking around

I have actually been doing more than I would have anticipated. I am just dinking around. I spent a lot of time working on user authentication. Right now I encrypt the username and password and add a little salt when the account is created and assign a random system ID. The thinking is that even if someone would download the whole table they could not read the table or guess at its contents. This will not protect against easy to guess usernames and passwords. I also had to learn about SQL insertion. I think I have guarded against that. Now I am figuring out how to deal with session IDs. The idea is that someone would not want to supply their user ID and password every time they do something, but you don't want someone stealing their session ID and hijacking the system. So my idea is that I store a unique ID as a cookie on their system. Every communication will include this cookie. The cookie will be checked and then changed. So every transmission will have a unique session ID. I haven't implemented it yet.
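
An added example, not code from the post (the author shows none): the account-creation and rotating-session-token scheme described above, modelled as a PHP class with in-memory arrays standing in for the MySQL tables. It swaps the post's reversible encryption for a salted one-way hash (`password_hash`), since a stored credential only ever needs to be verified, never read back; the class and method names are assumptions.

```php
<?php
// Added example (not the blog author's code). Array-backed "tables" stand in
// for MySQL; a real deployment would persist both arrays and expire sessions.
final class AuthStore
{
    private array $users = [];    // username => ['id' => string, 'hash' => string]
    private array $sessions = []; // current token => user id

    // Account creation: password_hash() generates a per-user salt and stores it
    // inside the hash string, so a downloaded table yields no passwords on its
    // own. The system id is random rather than sequential.
    public function createAccount(string $username, string $password): string
    {
        if (isset($this->users[$username])) {
            throw new RuntimeException('username already taken');
        }
        $id = bin2hex(random_bytes(16));
        $this->users[$username] = ['id' => $id, 'hash' => password_hash($password, PASSWORD_DEFAULT)];
        return $id;
    }

    // Login: verify against the stored hash, then hand out the first token.
    public function login(string $username, string $password): ?string
    {
        $user = $this->users[$username] ?? null;
        if ($user === null || !password_verify($password, $user['hash'])) {
            return null; // same answer for unknown user and wrong password
        }
        return $this->issueToken($user['id']);
    }

    // Every request presents the cookie token; it is consumed and replaced, so a
    // token captured in transit stops working as soon as the legitimate client
    // makes its next request. Returns [user id, replacement token] or null.
    public function authenticate(string $token): ?array
    {
        $userId = $this->sessions[$token] ?? null;
        if ($userId === null) {
            return null; // unknown, expired, or already rotated
        }
        unset($this->sessions[$token]); // old token dies immediately
        return [$userId, $this->issueToken($userId)];
    }

    private function issueToken(string $userId): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from a CSPRNG, not guessable
        $this->sessions[$token] = $userId;
        return $token;
    }
}
```

One caveat the rotation scheme brings with it: two requests from the same client that overlap in flight will both carry the same token, and the second one to arrive is rejected, so the client side has to serialise its requests or tolerate a re-login.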

I am writing programs in Notepad and I have not locked into a platform like Ruby on Rails or any of the others out there. I am just exploring PHP, MySQL, and JavaScript. So what I have is some simple PHP scripts that allow me to do SQL queries (hard coded with passwords) and a create account and login. That is it.