[SOLVED] simple pass check in my register form

[quickstopman]

im probly doing this wrong but i have a register script which is right here:

<?
ob_start();
session_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<script src="../js/javascript.js"></script>
<html>
<head>
<title>Register!</title>
<style>
.needed {
background-color:#FFFF99;
border: 1px solid red; 
padding:5px;
}
</style>
</head>
<body>
<?
if(!isset($_SESSION['username'])){
include("header.php");
?>
<center>
<h1>Register!</h1>
<font color="red" class="needed">All the fields highlighted are required</font><br>
<br>
<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>
<table width="379">
<tr>
<td class="needed">
Username: <td><input type='text' name='username'></td>
</td>
</tr>
<tr>
<td class="needed">
Password: <td><input type='password' name='password'></td>
</td>
</tr>
<tr>
<td class="needed">
Confirm Password: <td><input type='password' name='passwordcheck'></td>
</td>
</tr>
<tr>
<td class="needed">
E-mail: 
<td><input type='text' name='email'></td>
</td>
</tr>
<tr>
<td>
Fullname: <td><input type='text' name='fullname'></td>
</td>
</tr>
<tr>
<td>
<input name="register" type="submit" value="Submit">
</td>
</tr>
</table>
</form>
</center>
<?

include('config.php');
///variables...
$submit=$_POST['register'];
$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));
$password = md5($_POST['password']);
$realpass = $_POST['password'];
$passcheck = $_POST['passcheck'];
$email = mysql_real_escape_string($_POST['email']);
$fullname = mysql_real_escape_string($_POST['fullname']);
//if button is pressed
if($submit){

if ($password = $passcheck) {
return true;
} else {
echo "Your passwords don't Match";
return false;
}
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$", $email)){
   header("Refresh:1.5");
echo "<br>Please enter a valid Email!";
return false;
}

$query = "SELECT * FROM `users` WHERE username = '".$username."' LIMIT 1";
$result = mysql_query($query);
if (!$result) { die(mysql_error()); }
$rows = mysql_num_rows($result);
if ($rows > 0) {
echo '<br>User already exists!';
}
else { 

//if username is not blank..same for pass
if(($username) and ($password) and ($email) and ($username!==NULL) and ($password!==NULL) and ($email!==NULL)){
$sql="INSERT INTO `users` (`id`,`username`,`password`, `email`, `fullname`) VALUES ('NULL', '".$username."','".$password."', '".$email."', '".$fullname."')";
mysql_query($sql) or die(mysql_error());
echo "Congratulations! You are registered!<br><a href='default.html'>Log in</a>";

$to = $email;
$subject = "Welcome!";
$message = "Thanks for Joining Getmetola.com!
here is your User Info! (you don't wanna forget this!). 

Username: ". $username ."
Password: ". $realpass ."

Thanks!
from Getmetola.com";
$from = "admin@getmetola.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);

}
}
}
} else {


header("Refresh:1; url=default.html");
echo "You can't Register when your Logged in!!";

}
?>
</body>
</html>

no matter what i do it always says "your passwords don't match!"

can someone tell me what im doing wrong

[trq]

Because your md5'ing $password, but not $passcheck.

[quickstopman]

ahh

ok

[quickstopman]

i just made new variable called realpass which gets the real password and compares it

im gonna test it now

[quickstopman]

here is the newly updated code

<?
ob_start();
session_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<script src="../js/javascript.js"></script>
<html>
<head>
<title>Register!</title>
<style>
.needed {
background-color:#FFFF99;
border: 1px solid red; 
padding:5px;
}
</style>
</head>
<body>
<?
if(!isset($_SESSION['username'])){
include("header.php");
?>
<center>
<h1>Register!</h1>
<font color="red" class="needed">All the fields highlighted are required</font><br>
<br>
<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>
<table width="379">
<tr>
<td class="needed">
Username: <td><input type='text' name='username'></td>
</td>
</tr>
<tr>
<td class="needed">
Password: <td><input type='password' name='password'></td>
</td>
</tr>
<tr>
<td class="needed">
Confirm Password: <td><input type='password' name='passwordcheck'></td>
</td>
</tr>
<tr>
<td class="needed">
E-mail: 
<td><input type='text' name='email'></td>
</td>
</tr>
<tr>
<td>
Fullname: <td><input type='text' name='fullname'></td>
</td>
</tr>
<tr>
<td>
<input name="register" type="submit" value="Submit">
</td>
</tr>
</table>
</form>
</center>
<?

include('config.php');
///variables...
$submit=$_POST['register'];
$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));
$password = md5($_POST['password']);
$realpass = $_POST['password'];
$passcheck = $_POST['passcheck'];
$email = mysql_real_escape_string($_POST['email']);
$fullname = mysql_real_escape_string($_POST['fullname']);
//if button is pressed
if($submit){

if ($passcheck = $realpass) {
return true;
} else {
echo "Your passwords don't Match";
return false;
}
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$", $email)){
   header("Refresh:1.5");
echo "<br>Please enter a valid Email!";
return false;
}

$query = "SELECT * FROM `users` WHERE username = '".$username."' LIMIT 1";
$result = mysql_query($query);
if (!$result) { die(mysql_error()); }
$rows = mysql_num_rows($result);
if ($rows > 0) {
echo '<br>User already exists!';
}
else { 

//if username is not blank..same for pass
if(($username) and ($password) and ($email) and ($username!==NULL) and ($password!==NULL) and ($email!==NULL)){
$sql="INSERT INTO `users` (`id`,`username`,`password`, `email`, `fullname`) VALUES ('NULL', '".$username."','".$password."', '".$email."', '".$fullname."')";
mysql_query($sql) or die(mysql_error());
echo "Congratulations! You are registered!<br><a href='default.html'>Log in</a>";

$to = $email;
$subject = "Welcome!";
$message = "Thanks for Joining Getmetola.com!
here is your User Info! (you don't wanna forget this!). 

Username: ". $username ."
Password: ". $realpass ."

Thanks!
from Getmetola.com";
$from = "admin@getmetola.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);

}
}
}
} else {


header("Refresh:1; url=default.html");
echo "You can't Register when your Logged in!!";

}
?>
</body>
</html>