1. Use $sPassword instead of $_POST['password'] EVERYWHERE IN YOUR QUERIES (but not in the comparison)
2. Again, you have "_$POST", this time in a code that's not executed
3. '$_POST[password]' is a nice constant string WHICH IS NOT THE SAME as the variable $_POST['password']
Btw
4. hash('md5', ...) is the same as md5(...) and the latter is backward compatible to much older versions of PHP
5. {$_SESSION['logname']} and {$_POST['new_pass']} shouldn't be in a query as well, ecape them like the password.
6. Hashing without salt is not secure enough, here's a couple of articles on the subject:
http://phpsec.org/articles/2005/password-hashing.html
(shameless plug mode on) viewtopic.php?t=62782
Of course, make this code run correctly first before trying any modifications.
I strongly suggest you re-read the chapters about strings in the manual, and/or just don't put array lookups in double-quoted strings.
Turn your error reporting to the max (error_reporting(E_ALL);) and use a decent editor with syntax highlighting - you would have noticed all of these errors had you done so.
Good luck