Yes, they're hashed and salted with modern cryptography. No, we're not requiring ANOTHER account just to log into this account. The database has no external access either; someone would need root access to our server to even get the hashes.
Awesome, never expected any less just wanted to make sure :)
Thanks!
BTW, I saw in the About page that your email is randomouscrap98. Were you born in 1998? That would make you 4 years younger than me and way smarter than I was at your age (and honestly, probably smarter than I am now)
Oh no, that was the first time I made an email account. I just kept the number because... IDK. I was born in 91, so I'm not actually smart >.<
Okay, people, Random has explained this stuff before to me in chat, so might as well tell.
When you log in, the webpage sends the username and a MD5 hash of your password. The account name is first checked on the MySQL server (which is not port forwarded, so no one can hack it). If it doesn't exist, the server says that the username or password. If it does, then the server hashes the MD5 hash with Bcrypt, and compares that hash with the one stored on the database. If the hashes match, a session key is sent (as a cookie) to you, and you're now logged in until you close your web browser tab (unless you click Remember me). Else, you're sent a message that the username or password is incorrect.
Now, Bcrypt is one of the best hashing functions, and the MySQL server isn't outside the firewall, so you're not gonna get hacked. So don't worry about security (especially since CloudFlare automatically sets up SSL).
