Well, I tried to do with steamid, as if it were a password and receive the data through POST, however I find this a very insecure way since Hackers can change steamid and log in to other users account.
I would like to know how best to create a genre of a password, or a hash, to prevent hacking attacks.
Thank you.
Best way to encrypt on your system is to make a password based on the user's choice with 3 encryptions.
Ex: User chooses the password (12345)
Criptografia 1: MD5(12345) = Resultado: 827ccb0eea8a706c4c34a16891f84e7b
Criptografia 2: SHA-256(Cript 1) = Resultado: 30fdf15fd513fd69085f9344ff2d5d716254aa367bcac88e78ee60ad0298d606
Criptografia 3: SHA-256(Cript 2) = Resultado: 4ac3e4f57090ed6de97f2a839fe505cb05ace7d2cbc8f75865ca95cabeb173e0
In this way you get unbreakable encryption so far and it is impossible for a hacker to set the password.
There are also server protections to avoid sql_inject as
strip_tags($senha);
With these and other anti-sql_inject uses you will have a perfect encryption, another thing is you add a CheckSun to the user (like Steam_id) that takes that checksum + password and encrypts it again.
With this you will have almost 100% protection against attacks, it is worth remembering that for a hacker to change the password or to have access does not depend only on the encryption, also of the protection against SQL_INJECT!