>>In any case isn't MD5 no longer considered secure?
I have no idea!
Would this work? I get the time when the user registers, I can encode that in the database, and encode it the URL (I currently just store it without encoding it, in the user table).
I can then decode that, grab the salt from the table for that user, use it on the password, and then activate the user accordingly?
I would also have to use something besides the encoded time in the URL though..