Don't limit the character set for passwords, if you do so you're giving more power to a potential attacker. As a matter of fact, people is usually encouraged to put some non-alphabetical non-numerical character in their password, to reduce the possibility of a dictionary attack and augment the total entropy of their password, thus making it more "secure".

Moreover, given the fact that you're using this string only to compute an MD5 summary, it should really not be a problem for your script to allow any character, as per previous suggestion by graff.