Best use of hash_hmac for passwords

[Lemon Juice]

I want to hash passwordS for db storage using hash hmac algorythm and there are two ways I can think of, which one is better? In both cases I generate a random salt having 16 characters.

First one - the salt is appended to the password and I use some random key. The salt will be different for each user while the key is constant for all. The key is stored in the php code:

PHP Code:

$db_password = hash_hmac('sha256', $password.$salt, CONSTANT_KEY); 


Second - I use the salt as the key:

PHP Code:

$db_password = hash_hmac('sha256', $password, $salt); 


Which method will be more secure?

[social_xperiment]

The first method is more secure; the constant value acts as a pepper, an additional unknown for a malicious user; You can also increase the length of the salt

[logic_earth]

What I do:

PHP Code:

function hmac ( $password, $salt, $algo = 'sha512' ) {
  return hash( $algo, strrev( $salt ) . hash( $algo, $salt . $password, true ), true );
}

$ck = '...long long super long constant salt...';
$uk = '...long long super long user salt...';

$c = hmac( hmac( $password, $uk ), $ck );
var_dump( base64_encode( $c ) ); 


I have a site specific salt which is the same for all users. But I also have a user specific salt that is randomly generated using a cryptographically secure pseudo-random number generator (CSPRNG) that is quite long, way more then 16 characters.

Now...what I actually do is a little more complicated then what it shown here.