Unless i'm missing something this extension is not really secure. The user knows both the key and the input and thus can generate their own hash quite easily. Really the server should have a secret key only it knows about. Bawolff 01:34, 23 April 2010 (UTC) nevermind i misread the code.
This post was posted by Peachey88 (Flood), but signed as Bawolff.