you should not use the password() function
--> this function is only intended to be used for hashing your mysql-accounts passwords
--> this function produces different digests in different mysql version so if you do use it for your own data, you can not update your db-version
--> password() is just like sha1() and md5() a hashing function, so it's one-way. You can not recover the original value from the functions digest...
i also don't understand you intended use --> what's the point in encoding a password? you should store the encrypted value of the password (using sha1() to encrypt it) in your db, and when the user then want to login, you encrypt the password that he used in the login form with sha1() and compare it to the stored one. like
$sql = "SELECT COUNT(*) FROM yourtable WHERE yourusernamecolumn='". $_POST['username'] ."' and yourencruptedpasswordcollumn='". sha1($_POST['pwd']) ."'";
i don't think you realy understand the use of password-hashing so it might be a good idea to searh this forum and the php forum for more info.