When there is talk about security, Helen Keller's quote comes to mind:

Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.

No matter how hard I try following these words, there are still some areas where it is wise to think a bit more on properly handling security issues; password handling being one.

Even though logic dictates not to store passwords unencrypted, there are still many cases, even recent ones, where logic is not the first priority. Few years ago, working on a large scale international project, there was a high priority request to hash passwords using 2-way hashing algorithm since MD5 was not secure enough any more. Few weeks later, after a lot of debating, the client agreed to 1-way algorithm. Sadly, there was no time to implement it properly due to the lack of time, so even today MD5 is used. Less talking, more working, perhaps?

If you have not yet, I strongly recommend reading Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes by Thomas Ptacek, which was published around the same time as the above requirement was active. Two years later, Coda Hale explained good encryption is not enough in a short lesson in timing attacks. Just imagine what will be discovered few years from now?

tl;dr

Long story short, following above guides, I have written a simple PHP bcrypt wrapper class and put it up on GitHub. See README for requirements and basic usage, feel free to fork it and use it.