Thanks Stephen J Chapman.
I would also go for that either #2 or #5. But will choose #5.
I have another idea, if lets say the server stops working and not serving PHP pages. So in this case it will show the $salt itself on the page it is.
So for this, i thought to create another PHP file (salt.php) and include it in the login.php like this:
$salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string
And then in login.php:
salt.php will be some where in the root dir listings, which can be not known to user. So s/he will just see the login.php page and not the salt random string.
This is just my idea to improve it.