Form validation handler for the current password on the user_account_form().
function user_validate_current_pass(&$form, &$form_state) {
$account = $form['#user'];
foreach ($form_state['values']['current_pass_required_values'] as $key => $name) {
// This validation only works for required textfields (like mail) or
// form values like password_confirm that have their own validation
// that prevent them from being empty if they are changed.
if (strlen(trim($form_state['values'][$key])) > 0 && $form_state['values'][$key] != $account->{$key}) {
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$current_pass_failed = strlen(trim($form_state['values']['current_pass'])) == 0 || !user_check_password($form_state['values']['current_pass'], $account);
if ($current_pass_failed) {
form_set_error('current_pass', t("Your current password is missing or incorrect; it's required to change the %name.", array(
'%name' => $name,
)));
form_set_error($key);
}
// We only need to check the password once.
break;
}
}
}