Here’s how I would approach migrating from MD5.
First, in your database, next to your fields for “hash” and “salt”, make a new field for “algorithm”. For all your current records, “algorithm” can have the value “md5”. This way, you’ll know which algorithm was used to generate which hash, which is better than relying on some trial and error process or regexp matching.
Second, make any new user registrations or password changes save using the password_hash functions. In the database, these new entries can have an “algorithm” value of “password_hash”. This way, your old MD5 hashes and your new password_hash hashes are easily identifiable and can coexist without any conflicts.
Third, with your new records taken care of, now it’s time to strengthen all the old MD5 hashes. We’re going to use a new “algorithm” value that I’ll call “md5+password_hash”. We can’t retrieve the original password to make a clean password_hash, so instead we’re going to make a password_hash of the MD5 hash. This way you still get all the benefits of the new algorithm: stronger security, automatic salting, and computationally intensive. The only catch is that you’ll have to take care when verifying a user’s password. You’ll need to check the algorithm field to decide which is the right way to verify this particular hash.