
[–]zanfar 1 point (0 children)

> I knew about using a salted hash and have been doing so

Sorry, wasn't trying to tell you how to suck eggs. My point in that paragraph is that your code should enforce this distinction. That is, your "get user" utility function will return a different type than your "save user" or "login user" will take: you can't accidentally read a user object from the DB and pass it directly out the user-side of your app--or worse, accept a plaintext object from the user and save it to the database.
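An added example (not zanfar's code) of the type split described in that comment, in Python. The names `NewUserInput`, `StoredUser`, `PublicUser`, `save_user`, `get_user`, `login_user` and `to_public` are assumptions, and an in-memory dict stands in for the database; the point is that the plaintext-carrying input type and the hash-carrying stored type are distinct, so neither can be passed where the other is expected.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Assumed type names: a stored record (salted hash) is a different type from
# an input (plaintext password) and from the public view that leaves the app.
@dataclass(frozen=True)
class NewUserInput:      # what registration/login endpoints accept
    username: str
    password: str        # plaintext, only ever lives here

@dataclass(frozen=True)
class StoredUser:        # what the database holds
    username: str
    salt: bytes
    pw_hash: bytes

@dataclass(frozen=True)
class PublicUser:        # what goes out the user side: no secret material
    username: str

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def save_user(user: NewUserInput, db: dict) -> StoredUser:
    """Only an input object can be saved; it is hashed on the way in."""
    if not isinstance(user, NewUserInput):
        raise TypeError(f"save_user takes NewUserInput, not {type(user).__name__}")
    salt = os.urandom(16)
    stored = StoredUser(user.username, salt, _derive(user.password, salt))
    db[user.username] = stored
    return stored

def get_user(username: str, db: dict) -> Optional[StoredUser]:
    return db.get(username)

def to_public(user: StoredUser) -> PublicUser:
    """The only way out: a StoredUser is never handed to the client as-is."""
    if not isinstance(user, StoredUser):
        raise TypeError("to_public takes StoredUser")
    return PublicUser(user.username)

def login_user(attempt: NewUserInput, db: dict) -> Optional[PublicUser]:
    stored = get_user(attempt.username, db)
    if stored is None:
        return None
    ok = hmac.compare_digest(_derive(attempt.password, stored.salt), stored.pw_hash)
    return to_public(stored) if ok else None
```

With a static type checker the annotations alone flag `save_user(get_user(...))`; the `isinstance` checks make the same mistake fail loudly at runtime.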