--- password_change/password_change.module.orig	Wed Oct 27 06:29:50 2010
+++ password_change/password_change.module	Wed Oct 27 06:43:35 2010
@@ -86,9 +86,63 @@
   //unset($form['timezone']);
 }
 
+// based on _phpass_user_authenticate (phpass.module) and _password_load_user, password_user (password.module)
 function password_change_validate_password($element, $form_state) {
-  if (md5($element['#value']) !== $GLOBALS['user']->pass) {
-    form_error($element, 'Incorrect current password.');
+  // map variables
+  $curpass = $element['#value'];
+  $account = user_load(array('name' => $GLOBALS['user']->name, 'status' => 1));
+  // validate with password module method
+  if (module_exists('password')) {
+    // Load in the new password hashes from password table (password)
+    $account->password = db_result(db_query("SELECT pass FROM {password} WHERE uid = %d", $account->uid));
+    // proceed if new hash is not empty
+    if (!empty($account->password)) {
+      // Switch in the new hash into the $account->pass value.
+      $old_pass = $account->pass;
+      $account->pass = $account->password;
+      // Allow alternate password hashing schemes (password.module)
+      _password_include();
+      // compare hashes through function user_check_password (password.inc)
+      $check = user_check_password($curpass, $account);
+      if ($check != 1) {
+        // mismatch password hashes returns error
+        form_error($element, t('Incorrect current password.'));
+      }
+      // Switch $account->pass back to the MD5 hash.
+      $account->pass = $old_pass;
+    }
+  // validate with phpass module method (phpass hash method set as 'phpass')
+  } elseif (module_exists('phpass') && variable_get('user_hash_method', 'phpass') == 'phpass') {
+    // Load in the new password hashes from phpass table (user_phpass)
+    $account->hash = db_result(db_query("SELECT hash FROM {user_phpass} WHERE uid = %d", $account->uid));
+    // proceed if new hash is not empty and old hash matches 'phpass'
+    if (!empty($account->hash) && ($account->pass == 'phpass')) {
+      // check if PasswordHash.php is missing (phpass.module)
+      _phpass_is_passwordhash_php_missing();
+      // Allow alternate password hashing schemes (PasswordHash.php)
+      require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');
+      // compare hashes through function CheckPassword (PasswordHash.php)
+      $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE));
+      $check = $phpass->CheckPassword($curpass, $account->hash);
+      if ($check != 1) {
+        // mismatch password hashes returns error
+        form_error($element, t('Incorrect current password.'));
+      }
+    // else proceed if old has does not match 'phpass' (md5 method)
+    } elseif ($account->pass != 'phpass') {
+      // compare hashes through function md5
+      if ($account->pass !== md5($curpass)) {
+        // mismatch password hashes returns error
+        form_error($element, t('Incorrect current password.'));
+      }
+    }
+  // validate with the old md5 method
+  } else {
+    // compare hashes through function md5
+    if ($account->pass !== md5($curpass)) {
+      // mismatch password hashes returns error
+      form_error($element, t('Incorrect current password.'));
+    }
   }
 }