Problem in sign up code

Also, you don’t want to make your own cryptography. Although you might think the way you are doing the passwords is safe, it’s not really. There’s no salt and there’s no secret key. Also, don’t store your passwords as plain text in your database. You always want to hash the passwords so that hackers can’t access all accounts. When you store passwords as plain text, you allow anyone to see the actual passwords if they have access to your database. You might think “Hey, no one can get into my database because it’s secure.”

Well… That’s wrong. Anyone can get into your database if you are using old code such as the old MySQL_* library, displaying internal errors on screen, if a user happens to access an admin account, etc.

Once they get into your database, if you store your passwords as plain text, the hacker will be like “Hmmm, John’s password is AngusMacBadger…”, “Time to delete him and email him a malicious link saying he needs to recover his account using the password AngusMacBadger.” - Note, not everyone is cautious when it comes to the internet. People always randomly click links if it’s a win-win for them, but in the end, it’s actually a lose-win for them.

You should read my topic about password hash because there are a lot of really good points all of those members had posted in my topic.
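
The points in the post above (a salt, a secret key, no plain-text storage) as an added example that is not part of the original post or the asker's code. It uses PHP's built-in `password_hash()` and `password_verify()` with prepared statements; the `users` table, the `APP_PEPPER` variable, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Secret key ("pepper") kept outside the database. The fallback is a constructed demo value.
$pepper = getenv('APP_PEPPER') ?: 'constructed-demo-pepper-not-for-production';

// In-memory SQLite stands in for the real database (assumption; needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Key the password with the pepper. The hex output is 64 characters,
// which stays under bcrypt's 72-byte input limit.
function pepperPassword(string $password, string $pepper): string
{
    return hash_hmac('sha256', $password, $pepper);
}

function signUp(PDO $db, string $pepper, string $user, string $password): void
{
    // password_hash() generates a random salt per password and embeds it in the result.
    $hash = password_hash(pepperPassword($password, $pepper), PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function logIn(PDO $db, string $pepper, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify(pepperPassword($password, $pepper), $hash)) {
        return false; // unknown user and wrong password return the same result
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new = password_hash(pepperPassword($password, $pepper), PASSWORD_DEFAULT);
        $db->prepare('UPDATE users SET password_hash = ? WHERE username = ?')->execute([$new, $user]);
    }
    return true;
}

// Constructed sample account: the stored value is a salted hash, never the password.
signUp($db, $pepper, 'john', 'AngusMacBadger');
$stored = $db->query('SELECT password_hash FROM users')->fetchColumn();
var_dump($stored !== 'AngusMacBadger');
var_dump(logIn($db, $pepper, 'john', 'AngusMacBadger'));
var_dump(logIn($db, $pepper, 'john', 'wrong-password'));
```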