On my user info update form, i let users update the pass along with other things. If they don't want to update the password in the form, they leave it blank, as in the field is left empty. On the process page, if the field is blank i insert their existing password from the db (its md5) and if they changed it i want the new password in. Below is what i am using to try and accomplish that, but it is double md5-ing no matter what:
if (!get_magic_quotes_gpc()) {
$newpass = mysql_escape_string($_POST['password']);
$newpass = md5($_POST['password']);
}
// If $dob is empty
if (empty($newpass)) {
$newpass = "$passis"; //$passis = the password stored in db which is md5
}