well salts are just used ot make the bruteforcing of passwords a longer process, it simply takes the pass and adds the salt on the end, then converts it to MD5 (i think)
For example:
You have a password = "password" which has a MD5 hash of "5f4dcc3b5aa765d61d8327deb882cf99"
but if you add a salt = "eth7"
the string becomes = "passwordeth7"
which makes the MD5 = "804462e52e923941708106a10c6fb416"
So, unless the hacker has the correct salt in their dicitonary after the password then the time taken to crack is considerably longer.[hr]
I think it should be something like this, i know its not the right way round but...:
PHP Code:
$password = md5($password,$salt);
$query = "SELECT * FROM mybb_users WHERE username = '$username'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$luser=@mysql_result($result,$i,"username");
$lpass=@mysql_result($result,$i,"password,");
$lsalt=@mysql_result($result,$i,"salt,");
$i++;
}
if($username == $luser and $password == $lpass, $lsalt){
$article_title = "Login Successful!";