Needed if we are trying to change password.

File

modules/user/user.module, line 1112

Code

function user_user_settings_form_validate($form, $form_state) {
  global $user;

  $values = $form_state ['values'];
  $current_password = $values ['current_password'];
  $new_password1 = $values ['new_password1'];
  $new_password2 = $values ['new_password2'];

  if ($new_password1 != "" || $new_password2 != "") {

    if ($new_password1 !== $new_password2) {
      form_error('new_password1', t("Sorry, the passwords you entered do not match.  Please check your spelling and try again."));
      return;
    }

    // Did we get the current password right?
    $res = db_query("SELECT * FROM users WHERE user_id = ? ", $user->id);

    $cur = db_fetch_array($res);

    // Check the user's password is valid.
    $stored_hash = @$cur ["password"];
    if (!user_check_password($current_password, $stored_hash)) {
      form_error("current_password", t("Sorry, but the current password you entered is not correct.  Please check your spelling and try again."));
      return;
    }


  }

  // If we got to here, we're good to proceed.  Other modules might decide to add their own validate function,
  // to check for password complexity.  They'd do this by adding to the validate_handlers in hook_form_alter.

}