swa66 - 11:43 pm on Apr 29, 2013 (gmt 0)
Looks much better.
One slight point of worry lies in the use of uniqid(mt_rand(), true) ...
It's not really a problem for a salt - but uniqid is not generating random data in terms of cryptography. Cryptographic random has terribly high requirements.
Again: not a big deal for a salt - its only purpose is to combat rainbow tables, just be careful to use a real random generator when needed. E.g. [php.net...] is as cryptographically sound as it gets (being part of a cryptographic library helps a bit).
A tip: when a user changes their password: also generate a new salt. (again minor compared to it all, but for the best results...).
I'm not sure why you store the session_id in the user table ...