What does the md5 do I thought it was just a hash to check passwords
MD5 is a one-way hashing algorithm. Basically what that means is you put data in, it interprets that data through its mathematical computations, then results in a hash that looks like "33cb0713552966326747b637f7f00c62".
This is useful in a lot of different ways. One way is if you put two files through MD5 which are only 1 bit off, out of millions of bits, they will result in a totally different MD5 hash. This allows you to verify if something you downloaded did not somehow become corrupt along the way.
Another advantage is you can put sensitive information like passwords through MD5. Once that is done, there isn't any "easy" way to reverse the process and figure out what the password is from the hash. This has 2 advantages: 1) you don't have to store the actual password, so if a host which stores authentication information is ever compromised, the hackers will only get the MD5 hashes of passwords and not the actual passwords. 2) If the host is passed anything as a password, it hashes that and then compares the hash with what it has on file. If it is sent the hash, it will hash that giving a totally different hash, causing a password mismatch and unsuccessful authentication.
The disadvantage is hashes do repeat themselves (no matter if unoften). This can be somewhat exploited with clashes, making two files look alike hash wise that are very different otherwise. If every single MD5 hash were unique, it wouldn't be a hashing mechanism, it would be the worlds best file compressor. The second disadvantage is passwords can not be easily recovered from people who legitimately need them.
Finally, one vulnerability is "rainbow tables" which is basically a lookup list of every different word/combination one might ever be able to think of which allows someone with access to those rainbow tables to find a hash. Once the hash is found in the table, the accompanying (unencrypted) password is there. This is why it is important to ALWAYS use "salt" when using hashing for secure password storage. This will ensure that even the weakest password stored in your database will have a complex and unique hash.
Hope that helps, just thought I'd enlighten you as I feel it's very useful information! (also online guides will go into way more detail than you'll ever need)