In the comments of the article you refer to it says...
In a more real life scenario, $shash would likely be retrieved from the DB you use to maintain credentials.
When passwords are leaked, I have always assumed that someone has somehow maliciously extracted the data from the User (or equivalent) database table. From this they have got a list of email addresses and password hashes. But if the database table also has the salts in it, is it any more secure than just using a strong encryption algorithm without salting?
Personally I keep name and email address data in a different table to the user ID and encrypted passwords. That table exists in a different schema, albeit within the same RDBMS.