uid == $GLOBALS['user']->uid || variable_get('password_change_all', 0)) { if (password_change_is_reset()) { // Make the normal password field required if the password was just // reset. $form['account']['pass']['#required'] = TRUE; } else { // Add the current password field just below the 'Save' button. $form['pass_current'] = array( '#type' => 'password', '#title' => t('Your current password'), '#description' => t('For security reasons, enter your current password to confirm your changes.'), '#size' => 25, '#weight' => $form['submit']['#weight'] - 0.5, '#required' => TRUE, '#element_validate' => array('password_change_validate_password'), ); } // Put the submit handler first so we can clear the values before they // could be saved into $user->data. array_unshift($form['#submit'], 'password_change_form_submit_clear_reset'); } } } function password_change_validate_password($element, $form_state) { if (md5($element['#value']) !== $GLOBALS['user']->pass) { form_error($element, t('Incorrect current password.')); } } /** * Submit handler; reset the reset flag and unset the currnet password value. */ function password_change_form_submit_clear_reset($form, &$form_state) { password_change_is_reset(FALSE); unset($form_state['values']['pass_current']); } /** * Implements hook_form_FORM_ID_alter(). */ function password_change_form_user_admin_settings_alter(&$form, $form_state) { $form += array( 'security' => array( '#type' => 'fieldset', '#title' => t('Security'), ), ); $form['security']['password_change_all'] = array( '#type' => 'checkbox', '#title' => t("Require the current user to confirm his or her current password when changing any user's account."), '#description' => t('Users will still be required to confirm their password when changing their own account regardless of this setting.'), '#default_value' => variable_get('password_change_all', FALSE), ); }