OK, I will assume you're using MySQL for now.
Let's say you want to create a new user in your [FONT=Courier New]users[/FONT] table, while setting a password:
INSERT INTO users (`username`, `password`) VALUES ("username", SHA1("password"))
And during some login procedure you have on the client side, the webserver could query it like so:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$rs = mysql_query('SELECT * FROM users u WHERE u.username = "' . mysql_real_escape_string($username) . '" AND u.password = SHA1("' . mysql_real_escape_string($password) . '") LIMIT 1');
if ($user = mysql_fetch_array($rs, MYSQL_ASSOC)) {
echo 'USER FOUND';
print_r($user);
} else {
echo 'USER NOT FOUND';
}
mysql_free_result($rs);
?>
I haven't tested the code, but that's basically how it's done. The passwords are currently unsalted, meaning if users choose the same password they would end up with the same hash.
A recommendation for creating the hash is something like : [FONT=Courier New][password] + [server defined salt] + [unique salt][/FONT]
Eg,
SHA1(CONCAT("password", "server_salt", u.id))
And the same rules would need to be followed on the PHP side as well.