What does this do?
How does it do this?
What's the point?
The point is that your password is not sent over the link in clear text. The server is able to use the encrypted result of your submission, the random salt value, and the time value to authenticate your password, without the server ever having to know your original password. Additionally, once you are logged in, the server should be told to allow login attempts only from the same network address you have connected from, until you have logged out or your login session expires, thus preventing session hijacking.
Each time you wish to log in, the random salt and time values used are unique, so if somebody were able to monitor your traffic on the same network and try to log in using the same data you just submitted to the login script, they would be denied, as the value accepted in order to log in would always be unique. The request time would be required to be within 10 seconds of the current time, and trying to log into the same account again within 10 seconds would be disallowed. If someone on your network is able to see the data you send to my server, copy it, and send it to try to also be logged in, this would fail as a result.
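The server-side checks described above (10-second freshness, the 10-second re-login lockout, and binding the session to the connecting address), as an added example that is not this project's own code. The hash construction, the function and class names, and the sample account and addresses are assumptions, since the page does not give them.

```python
import hashlib
import hmac

WINDOW = 10  # seconds, the window stated in the text


def stored_key(password: str) -> bytes:
    # Assumption: the server stores SHA-256(password), not the password itself.
    # That stored value must be protected: it is enough to compute a response.
    return hashlib.sha256(password.encode()).digest()


def client_response(password: str, salt: str, ts: int) -> str:
    # Assumption: the client submits HMAC-SHA256(key, "salt|time") with salt and time.
    msg = f"{salt}|{ts}".encode()
    return hmac.new(stored_key(password), msg, hashlib.sha256).hexdigest()


class LoginVerifier:
    def __init__(self, accounts):
        self.keys = {u: stored_key(p) for u, p in accounts.items()}
        self.last_ok = {}   # user -> time of last accepted login
        self.bound_ip = {}  # user -> address the session is tied to

    def login(self, user, salt, ts, response, ip, now):
        key = self.keys.get(user)
        if key is None:
            return "unknown user"
        # Future timestamps are rejected so that the freshness window
        # can never outlast the re-login lockout below.
        if not 0 <= now - ts <= WINDOW:
            return "stale timestamp"
        if user in self.last_ok and now - self.last_ok[user] <= WINDOW:
            return "login too soon"
        msg = f"{salt}|{ts}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, response):
            return "bad response"
        self.last_ok[user] = now
        self.bound_ip[user] = ip
        return "ok"

    def request_allowed(self, user, ip):
        # Session requests are honoured only from the address that logged in.
        return self.bound_ip.get(user) == ip
```

A captured submission replayed inside the window hits the lockout, and once the lockout has passed its timestamp is already stale, so the two rules together leave no moment at which the copy is accepted.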
This project is ready for database implementation; however, the rest of my site is not ready to use this functionality at this point in time.