条件中的PHP md5

我有一个简单的脚本,我正在尝试执行一个简单md5用户/密码om。我遇到的问题是,无论我在用户/密码字段中输入了什么,它都匹配条件,并允许加载include

<?php
if(md5($_POST['user']) === 'md5user' && md5($_POST['pass']) === 'md5pass'):    
    include("secure.php");   
else: ?>
    <body>
        <div class="container" style="width: 20%;">
            <div class="row-fluid well" style="background: #333; margin-top: 25%;">
                <p class="lead">Inventory Update Login</p>
                <form class="form" method="POST" action="secure.php">
                <label>User Name</label><input class="input-block-level" type="text" name="user"></input><br/>
                <label>Password</label><input class="input-block-level" type="password" name="pass"></input><br/>
                <input class="btn btn-primary" type="submit" name="submit" value="Go"></input>
                </form>
                    <div class="alert alert-error">
                      <h4>Warning!</h4>
                      Best check yo self, you're not supposed to be here by accident. If you are here to do something naughty, keep in mind we are a company owned by people with guns!
                    </div>
            </div>
        </div>
    </body> 

secure.php:

<?php
    $secretkey = "12345";
    print_r($_POST);
?>
<html>
    <head>
        <link rel="stylesheet" href="https://dev.zinkcalls.com/media/jui/css/bootstrap.min.css" type="text/css" />
        <style>
            body {color: #fff;}
            .well, .brand, .navbar-inner, .popover, .btn, .tooltip, input, select, textarea, pre, .progress, .modal, .add-on, .alert, .table-bordered, .nav>.active>a, .dropdown-menu, .dropdown-menu>li>a:hover, .tooltip-inner, .badge, .label, .img-polaroid {
                background-image: none !important;
                border-collapse: collapse !important;
                box-shadow: none !important;
                    -moz-box-shadow: none !important;
                   -webkit-box-shadow: none !important;
                border: none;
                text-shadow: none !important;
            }
        </style>
    </head>
    <body>
        <div class="container" style="width: 20%;">
            <div class="row-fluid well" style="background: #333; margin-top: 25%;">
                <?php if((!isset($_POST['key']) or ($_POST['key'] != $secretkey)) and !isset($_POST['update'])): ?>
                    <div class="alert alert-error">
                        <h4>Whoaa!</h4>You need the secret key bro.
                    </div>
                    <form class="form" method="POST" action="secure.php">
                        <label>Secret Key</label><input class="input-block-level" type="text" name="key" /><br/>
                        <input class="btn btn-primary" type="submit" name="submit" value="Enter Secret Key" />   
                    </form>
                <?php elseif(($_POST['key'] = $secretkey) and !isset($_POST['update'])): ?>
                    <div class="alert alert-error">
                        <h4>Careful!</h4>
                        You may destroy everything in one click of the button. Proceed?
                    </div>
                    <form class="form" method="POST" action="secure.php">
                        <input class="btn btn-primary" type="submit" name="update" value="Yes" />
                        <input class="btn" type="reset" name="abort" value="No" />
                    </form>
                <?php else:?>
                    <div class="alert alert-success">
                        <?php include("inventory_query.php"); ?>
                        <h4>Done!</h4>
                        Now get the hell outta here.
                    </div>
                <?php endif; ?>
                <hr />
                <form class="form" method="POST" action="inventory.php">
                    <input class="btn btn-primary" type="submit" name="logout" value="Logout" />   
                </form>
            </div>
        </div>
    </body>
</html>