Board Meta
Re: Info about the recent attack
by
smurfix
on 13/09/2011, 19:45:40 UTC
Salting basically changes the original value and the comparison value with a known figure so the hashes can't be referenced to a lookup table, and so they can't be broken without knowing the salt value. Oh wait, we know the salt value now. Haha, that was easy™.

Again, with the big exclamation of, "Everyone lock your doors, they might have gotten a copy of the KEY TO THE KINGDOM! *attachment: high-res picture of key to the kingdom.jpg*"
You forget that everybody and their dog can just go and check out the forum PHP code themselves, and examine the password hashing algorithm in detail.

This mess, ultimately, is the PHP language authors' fault. They seem to argue that securing your scripts (and not just from SQL injections) is the programmer's problem.
A properly designed SQL interface (with prepared statements and placeholders) makes code that's prone to injections more difficult to write than code which isn't.
In PHP, it's the other way round, and the language authors don't think that's a problem.

Well, I happen to disagree, rather vehemently in fact, which is why I try to encourage people to program their web sites in some other language (Python for instance), and why every single PHP-using website on my server runs in a FastCGI sandbox and has (almost) no access to the rest of the system.
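The two points above (a known salt does not make a hash trivially reversible, and a placeholder-based SQL interface keeps untrusted input from ever being parsed as SQL) as one added example in Python, which the poster suggests as an alternative. This is not the forum's code and not the poster's; it assumes a stand-in schema (`users(name, salt, pw_hash)`) in an in-memory SQLite database and uses PBKDF2-HMAC-SHA256 as the salted, iterated hash. The user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db() -> sqlite3.Connection:
    # Assumed schema: the per-user random salt is stored right beside the hash,
    # exactly the situation the post describes (the attacker has both).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    # Salted, iterated hash. A unique salt per user defeats precomputed lookup
    # tables and makes identical passwords hash differently; the iteration count
    # means that even with the salt in hand, each guess costs a full KDF run.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def register(conn: sqlite3.Connection, name: str, password: str) -> None:
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
        (name, salt, hash_password(password, salt)),
    )


def stored_hash(conn: sqlite3.Connection, name: str) -> bytes:
    return conn.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()[0]


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Injection-prone: the caller's string is spliced into the SQL text, so
    # quote characters in it change the query's structure.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Placeholder: the value travels to the engine separately from the SQL
    # text and is compared as data, never parsed as part of the statement.
    return sorted(row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,)))


def verify_login(conn: sqlite3.Connection, name: str, password: str) -> bool:
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, expected = row
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt), expected)


if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "hunter2")
    register(db, "bob", "hunter2")
    print("same password, different hashes:", stored_hash(db, "alice") != stored_hash(db, "bob"))
    print("concatenated query, quote in input:", find_user_vulnerable(db, "' OR '1'='1"))
    print("placeholder query, same input:    ", find_user_safe(db, "' OR '1'='1"))
    print("alice/hunter2 ->", verify_login(db, "alice", "hunter2"))
    print("alice/wrong   ->", verify_login(db, "alice", "wrong"))
```

Running it shows the two users' hashes differing despite the shared password, the concatenated query returning every row for an input containing a quote while the placeholder query returns nothing, and the login check accepting only the right password.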