--- password_change.module.orig	2009-10-07 14:59:38.000000000 -0400
+++ password_change.module	2009-10-07 20:33:29.000000000 -0400
@@ -20,7 +20,7 @@ function password_change_user($op, &$edi
     if (!$edit['pass_current']) {
       form_set_error('pass_current', 'You must enter your current password when changing your password.');
     }
-    elseif (md5($edit['pass_current']) !== $user->pass) {
+    elseif (!_password_change_check_password($user, $edit['pass_current'])) {
       form_set_error('pass_current', 'Incorrect current password.');
     }
   }
@@ -40,3 +40,31 @@ function password_change_user($op, &$edi
 //    '#default_value' => variable_get('password_change_all_users', FALSE),
 //  );
 //}
+
+/**
+ * Validate a user's password
+ *
+ * @param $account
+ *   user account
+ * @param $pass
+ *   plaintext password to check
+ * @return
+ *   TRUE if password matches account's password
+ */
+function _password_change_check_password($account, $pass) {
+  // phpass validation
+  if (module_exists('phpass') && variable_get('user_hash_method', 'phpass') == 'phpass') {
+    // fetch the saved user pass and phpass hash
+    $userpass = db_fetch_object(db_query("SELECT u.*, p.hash FROM {users} u LEFT JOIN {user_phpass} p ON u.uid = p.uid WHERE u.uid = %d AND u.status = 1", $account->uid));
+
+    // check if the password matches the phpass hash
+    if ($userpass->hash) {
+      require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');
+      $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE));
+      return $phpass->CheckPassword($pass, $userpass->hash);
+    }
+  }
+
+  // fall through to normal md5 validation
+  return md5($pass) == $account->pass;
+}
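Review bot: The md5 fallback on the last line of `_password_change_check_password()` compares with `==`, whereas the line this commit removes from `password_change_user()` used `!==`. Under loose comparison PHP compares two numeric-looking strings as numbers, so two different digests can be reported as equal; keep the strict form, `return md5($pass) === $account->pass;`. Separately, `db_fetch_object()` returns no object when the query matches no row, which the `u.status = 1` filter makes possible, so `$userpass->hash` is then read on a non-object; `if ($userpass && $userpass->hash) {` guards that. When phpass is enabled but no hash is stored, the function still falls through to the md5 check, which looks intended for accounts not yet migrated but is worth stating in the docblock, along with the FALSE return.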
