Hash passwords better

[waldoj]

All passwords are hashed with md5(), which is not appropriate in 2019. It was barely appropriate in 2006 (when the code was written). PHP has native password functionality — use that.

• [ ] write a method to salt & hash passwords
• [ ] store the salt in Travis CI, to copy to the settings during the deploy
• [ ] write a method to compare passwords to the hash (e.g. on login)
• [ ] figure out what to do about all of the passwords already stored in the database

[waldoj]

Realistically, I think we'll need two, side-by-side password systems. New accounts use the new one. Anybody logging into a legacy account will, invisibly, have their password re-hashed and stored in the new system, and then have their old password wiped. After ~14 months, I think then it's time to zero out any legacy passwords — at that point, those folks can just use the "forgot my password" link to get into their accounts.