First of all I would have your method just take the password and not worry about their trying to encrypt it. That centralizes the MD5 logic in one place, and it is unlikely to run into problems because programmers generally like simple APIs. (But test anyways.)

However if you wanted to test for MD5 codes, you could check for 22 characters and not matching /[^0-9a-f]/. Of course that will only work if your programmers use the hex encoding, but people are very, very unlikely to accidentally pick that kind of password. OTOH if they use base 64, you are so out of luck. Therefore there is no easy way to catch all of the possible MD5 encodings that they might use. On the flip side, the fact that they might use the wrong MD5 encoding is reason enough in my books to not scatter the encoding logic...