Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.682
diff -u -d -F^\s*function -r1.682 user.module
--- modules/user/user.module 17 Sep 2006 19:14:16 -0000 1.682
+++ modules/user/user.module 29 Sep 2006 19:11:03 -0000
@@ -1267,6 +1267,7 @@ function user_register_submit($form_id,
 }
 function user_edit_form($uid, $edit, $register = FALSE) {
+ global $user;
 $admin = user_access('administer users');
 // Account information:
@@ -1290,6 +1291,12 @@ function user_edit_form($uid, $edit, $re
 '#required' => TRUE,
 );
 if (!$register) {
+ // Verify the password if the user is not an admin and if the user is editing his own page
+ if (!admin || $user->uid == $uid) {
+ $form['account']['currentpass'] = array('#type' => 'password', '#title' => t('Current password'),
+ '#description' => t('If you want to change your password, provide the current password to verify your identity.')
+ );
+ }
 $form['account']['pass'] = array('#type' => 'password_confirm',
 '#description' => t('To change the current user password, enter the new password in both fields.'),
 );
@@ -1329,7 +1336,13 @@ function user_edit_form($uid, $edit, $re
 }
 function _user_edit_validate($uid, &$edit) {
- $user = user_load(array('uid' => $uid));
+ $account = user_load(array('uid' => $uid));
+ // Validate the current password if the user changes password
+ if ($edit['pass'] && !user_access('administer users') && md5($edit['currentpass']) != $account->pass) {
+ form_set_error('currentpass', t('The old password to verify your identity is wrong.'));
+ $edit['pass'] = NULL;
+ }
+
 // Validate the username:
 if (user_access('change own username') || user_access('administer users') || arg(1) == 'register') {
 if ($error = user_validate_name($edit['name'])) {
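Review bot: The new guard `if (!admin || $user->uid == $uid)` in the second hunk reads `admin` without the `$`, so PHP looks up a constant instead of the `$admin` flag set at the top of user_edit_form(); on PHP versions of this era an undefined constant falls back to the non-empty string 'admin', which would make `!admin` always false. The `||` also disagrees with the comment above it, which says the field is for a user who is not an admin and is editing their own account. As written the field is shown purely on `$user->uid == $uid`, including to administrators, whom the check added to _user_edit_validate() exempts. I would write `if (!$admin && $user->uid == $uid) {` so the form and the validation agree on who must supply the current password. user_edit_form() begins before this hunk and continues after it.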
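Review bot: The check added to _user_edit_validate(), `md5($edit['currentpass']) != $account->pass`, compares two hex digests with the loose `!=` operator, so PHP compares them numerically whenever both strings happen to look like numbers, and a wrong password can then pass; use the strict form `md5($edit['currentpass']) !== $account->pass`. The check also fires only when `$edit['pass']` is set, so every other change on the same form is still accepted without the current password. If that form also lets the user change the e-mail address used for password recovery (not visible in this hunk), that field probably deserves the same gate. The function continues past the end of this hunk.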
@@ -1356,7 +1369,7 @@ function _user_edit_validate($uid, &$edi
 // If required, validate the uploaded picture.
 if ($file = file_check_upload('picture_upload')) {
- user_validate_picture($file, $edit, $user);
+ user_validate_picture($file, $edit, $account);
 }
 }