I have a script thats is writing a scrambled password to the database and I am trying to pinpoint where in the script its scrambles it?

Here is the database screen shot of the scrambled passwords.


Here are the PHP scripts that is used to write to the database: (They take you through the registration process, please pinpoint the script that would make password post a scrambled password to the database.)

REGISTRATION FORM
PHP Code:
<form method=post action="register_new.php">
 <
table bgcolor=#cccccc>
   
<tr>
     <
td>Email address:</td>
     <
td><input type=text name=email size=30 maxlength=100></td></tr>
   <
tr>
     <
td>Preferred username <br />(max 16 chars):</td>
     <
td valign=top><input type=text name=username
                     size
=16 maxlength=16></td></tr>
   <
tr>
     <
td>Password <br />(between 6 and 16 chars):</td>
     <
td valign=top><input type=password name=passwd
                     size
=16 maxlength=16></td></tr>
   <
tr>
     <
td>Confirm password:</td>
     <
td><input type=password name=passwd2 size=16 maxlength=16></td></tr>
   <
tr>
     <
td colspan=2 align=center>
     <
input type=submit value="Register"></td></tr>
 </
table></form
REGISTER_NEW.php
PHP Code:
 //create short variable names
  
$email=$HTTP_POST_VARS['email'];
  
$username=$HTTP_POST_VARS['username'];
  
$passwd=$HTTP_POST_VARS['passwd'];
  
$passwd2=$HTTP_POST_VARS['passwd2'];
   
// start session which may be needed later
   // start it now because it must go before headers
   
session_start();

 
   
// check forms filled in
   
if (!filled_out($HTTP_POST_VARS))
   {
      
do_html_header('Problem:');
      echo 
'You have not filled the form out correctly - please go back'
          
.' and try again.';
      
do_html_footer();
      exit; 
   }    

   
// email address not valid
   
if (!valid_email($email))
   {
      
do_html_header('Problem:');
      echo 
'That is not a valid email address.  Please go back '
           
.' and try again.';
      
do_html_footer();
      exit;
   } 

   
// passwords not the same 
   
if ($passwd != $passwd2)
   {
      
do_html_heading('Problem:');
      echo 
'The passwords you entered do not match - please go back'
           
.' and try again.';
      
do_html_footer();
      exit;
   }

   
// check password length is ok
   // ok if username truncates, but passwords will get
   // munged if they are too long.
   
if (strlen($passwd)<|| strlen($passwd) >16)
   {
      
do_html_header('Problem:');
      echo 
'Your password must be between 6 and 16 characters.'
           
.'Please go back and try again.';
      
do_html_footer();
      exit;
   }
   
// attempt to register
   
$reg_result register($username$email$passwd);
   if (
$reg_result === true)
   {
     
// register session variable 
     
$HTTP_SESSION_VARS['valid_user'] = $username;
     

     
// provide link to members page
     
do_html_header('Registration successful');
     echo 
'Your registration was successful.  Go to the members page '
          
.'to start setting up your bookmarks!';
     
do_html_url('member.php''Go to members page');
   }
   else
   {
     
// otherwise provide link back, tell them to try again
     
do_html_header('Problem:');
     echo 
$reg_result
     
do_html_footer();
     exit;
   }

   
// end page
   
do_html_footer(); 
Here is the register function that is referred to above, which writes to the database:
PHP Code:
function register($username$email$password)
// register new person with db
// return true or error message
{
 
// connect to db
  
$conn db_connect();
  if (!
$conn)
    return 
'Could not connect to database server - please try later.';

  
// check if username is unique 
  
$result mysql_query("select * from user where username='$username'"); 
  if (!
$result)
     return 
'Could not execute query';
  if (
mysql_num_rows($result)>0
     return 
'That username is taken - go back and choose another one.';

  
// if ok, put in db
  
$result mysql_query("insert into user values 
                         ('
$username', password('$password'), '$email')");
  if (!
$result)
    return 
'Could not register you  in database - please try again later.';

  return 
true;



From the code above-any clue on why the password is not written to the database as it was typed instead of being scrambled?

-Kevin