How should I implement login with secure authentication?
I hear of all these various things such as https, ssl/tls, srp, md5, sha, bcrypt, and so on. Which of these do I need exactly and which do I not need? And in what form should the password be stored in the database?
For normal web, it is implemented using http, that is, the communication between the client (often a browser) and the server is in plaintext. To ensure the data is encrypted, SSL is applied on top of http, and thus the acronym https. Now, to store the user password in the database, you can probably apply a one-way hash algorithm such as md5 and sha. Thus, when you submit the password over the network, the password is encrypted in the https communication and thus it is safe from the eavesdropper. The server should apply the cryptographic hash function against the password submitted by the user and match it against the encrypted password stored inside the database.
Typically, passwords are stored in the database in such a way:
$hash = md5($pass . $secretKey); // store $hash in the database, never $pass
Because simple md5 with no additional key can be matched by brute force.
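As an added example (not code from either answer), here is the server-side login flow the first answer describes, re-hashing what the client submitted and comparing it with the stored value, written in Python with a per-user random salt and a deliberately slow hash. PBKDF2 from the standard library stands in for the bcrypt named in the question, and the user names, password and site-wide secret key are constructed. It also shows why one fixed key appended before md5, as in the snippet above, gives two users with the same password the same stored value.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to pick the same password.
USERS = {"alice": "correct horse", "bob": "correct horse"}
SECRET_KEY = "site-wide-secret"  # the single fixed key the answer above appends


def md5_with_key(password: str, key: str = SECRET_KEY) -> str:
    """The scheme from the answer: one fixed key shared by every user."""
    return hashlib.md5((password + key).encode()).hexdigest()


def make_record(password: str, iterations: int = 100_000) -> dict:
    """Store a per-user random salt plus a slow hash; the password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Server side of login: re-hash the submitted password and compare with the record."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    # Constant-time comparison so response timing does not reveal how many bytes matched.
    return hmac.compare_digest(digest.hex(), record["hash"])


def same_password_collides(scheme) -> bool:
    """True when two users with the same password end up with identical stored values."""
    return scheme(USERS["alice"]) == scheme(USERS["bob"])


def demo() -> dict:
    record = make_record(USERS["alice"])
    return {
        # Fixed key: equal passwords -> equal digests, so one crack reveals both users.
        "md5_key_collides": same_password_collides(md5_with_key),
        # Per-user salt: equal passwords -> different records.
        "salted_collides": same_password_collides(lambda p: make_record(p)["hash"]),
        "login_ok": verify("correct horse", record),
        "login_bad": verify("correct horsf", record),
    }


if __name__ == "__main__":
    print(demo())
```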