Hashing client-side is not a good idea in practice — a leak of your password database leaks direct credentials for logging in. If you're going to go this route, something like the zero-knowledge SRP protocol is necessary.