The "password" stored in the user-table is md5(concat(md5('password'), salt)).
So if you want to check if password bar for user foo is correct:
[sql]SELECT userid, password=MD5(CONCAT(MD5('bar'), salt)) AS pwdcorrect FROM user WHERE username='foo'[/sql]
- if this does return 0 rows, the username was wrong.
- if it does return a row and pwdcorrect is 0 then the password was wrong
- if it does return a row and pwdcorrect is 1 then the username/password combination is valid