hello everyone...

I have tried to work this code the whole day I seem to get no where. Can please someone help me see the mistake.

The code is supposed to be changing the user password. What happen is ; I get these messages You entered an incorrect password. Try Again Congratulations! You have successfully changed your password. Continue

And if I check in the database the password field is being erased!...please help....
the form:
HTML Code:
<form id="update"  name="update" method="POST"  class="formfield" action="u.php" >
       <div> 
<label class="fixedwidth">Username:</label>
<input name="username" id="username" type="text" class="fixedwidth"/>
	</div>
    
   			
	 
	 <div >
<label class="fixedwidth">Old password:</label>
<input name="oldpassword" id="oldpassword" type="password" class="fixedwidth"/>
	</div>
 <div >
<label class="fixedwidth">New Password:</label>
<input name="password" id="password" type="password" class="fixedwidth" />
	</div>
<div>
<label class="fixedwidth">Confirm New Password:</label>
<input name="password1" id="password1" type="password" class="fixedwidth"  />
	</div>	
	
	<div class="buttonarea">
	  <div align="center">
	    <input name="update" id="update" type="submit" value="Change Password" />
	    <label>
	    <input type="reset" name="cancel" id="cancel" value="Cancel"  onclick="location.href='Admin_index.php'"/>
	    </label>
	  </div>
	</div>
    
		
		</form>
the php file
PHP Code:
<?php 

session_start
();

//connect to the database
$conn dbConnect('Admin_username');

$username $_POST['username'];
$oldpassword $_POST['oldpassword'];
$password $_POST['password'];
$confirmnewpassword $_POST['password1'];
$pswd sha1(md5($password));
$result mysql_query("SELECT password FROM users WHERE username='$username'");
if(!
$result

echo 
"The username you entered does not exist. <a href=use.php>Try Again</a>"

else 
if(
$password!= mysql_result($result0)) 

echo 
"You entered an incorrect password. <a href=use.php>Try Again</a> "

else
if(
$password==$confirmnewpassword
        
$pass sha1(md5($password));
    
$sql=mysql_query("UPDATE users SET password='$pass' where username='$username'"); 
    if(
$sql
    { 
    echo 
"Congratulations! You have successfully changed your password. <a href=Admin_index.php>Continue</a>"
    }
else

echo 
"The new password and confirm new password fields must be the same. <a href=use.php>Try Again</a> "
}  
?>