Does your password field in the database have enough characters to store the full MD5 version of the password? If it doesn't then it will be truncated (in the database) and will not match the password they are supplying.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity
." Me Myself & Irene
Validate your HTML