yeah, before everyone assumes it's the database md5 function, see original article using md5() before sending to the db:

Code:
<?php

$username = md5($_POST["username"]);
$passwd = md5($_POST["passwd"]);

$handle = mysql_connect(”user”,”pass”,”mySQLHost”);
      mysql_select_db(”yourdb”);
$query = “SELECT r34ln4m3 FROM 1nside0ut WHERE
      md5(l0gn4m3)=’$username’ AND entryw41=’$passwd’”;

$result = mysql_query($query, $handle);

if (mysql_num_rows($result)!=0) {
      //mark as valid user
      header(”Location: private.php”);
      exit;
}

//if the code reaches this part then the login failed
//wrong username/password

header(”Location: public.php”);

?>
As for the rest of the code... ack.... but whatever.