This line isn't necessary:
$mypassword = mysql_real_escape_string($mypassword);. Remove that, or move it below the md5 call. It won't make a difference overall since md5 will never return results that can break the SQL structure, but using it before will cause it to escape the data before hashing it which will be different than the original if it includes ".
Looks good otherwise, be aware that a header with a location doesn't actually change your page until after its sent to the client, so if you have instructions beyond those to process they will still run. More often than not you don't want to do this so exit() is usually called immediately after a header('Location...'). With if/else blocks, it has little relevance as it won't enter anywhere else, but it's still a good habit to get into in case you do it in a more bizarre location like within a function.