I have a web server that runs PHP 5.4.x, which means it doesn't support the password_hash function, so I can't hash passwords. I cannot upgrade the PHP version.
How can I protect passwords without the password_hash function ?
You should take a look at https://github.com/ircmaxell/password_compat
This library is intended to provide forward compatibility with the password_* functions that ship with PHP 5.5.