Yes, but a salt is different for every row in the database, not hard-coded like you wrote...

You should create password criteria at sign-up.
However, whether they use 'password' as their password or not is really not interesting in this discussion, but rather how to store their password in a way that doesn't open too wide avenues of attack. You should create password criteria at sign-up...