I'm completely new to the security side of things. I have a website with an admin page, admin.php that accesses several .php files which do work for me updating databases etc. So with my admin page I can secure my login using something like:

<?php

define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
    $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
    $salt = substr($salt, 0, SALT_LENGTH);
    }

    return $salt . sha1($salt . $plainText);
}

?>

Is that a good method above, should I be doing something extra?

The php files, say they're stored such as /phpfiles/dosomething.php how do I secure dosomething.php? Should it have a password on it? If I have a password on it how does admin.php access it?

Thanks

Generating a hash is only one part of security and authentication.

As far as access to the scripts goes, the common recommendation is to store your php files outside of the webroot. So you files can't be access using http://domain.com/youphpfile.php Instead using .htaccess redirecting all traffic to an index.php file and routing the request from there.

Depending on the size of the website you are working on have you looked into using some PHP frameworks that have Auth modules?

Alternatively, if you do have a smaller website and you only need a few scripts, consider looking into htpasswd with Apache. So you can password protect an entire directory. i.e. the admin directory in your webroot.