Just add a couple random characters (the salt) to passwords before running them through your hash function. Store the salt in a separate field in the database and use it when verifying the password later. This will vastly reduce the risk of dictionary attacks in the event that someone gets a hold of the hashed password.
In config.php (just an example) put: $site_key = "your unique word, phrase or just some gibberish"; So when new users registers or logs in, you access their inputed password with: $password = md5($_POST['password'] . $site_key); This is just an example, you can use your imagination