diff --git a/contrib/password_tab/password_policy_password_tab.info b/contrib/password_tab/password_policy_password_tab.info
index 22e4f67..eb99381 100644
--- a/contrib/password_tab/password_policy_password_tab.info
+++ b/contrib/password_tab/password_policy_password_tab.info
@@ -2,5 +2,5 @@ name = Password change tab
 description = Implements a separate password change tab.
 package = Other
 dependencies[] = password_policy
-core = 6.x
+core = 7.x
 
diff --git a/contrib/password_tab/password_policy_password_tab.module b/contrib/password_tab/password_policy_password_tab.module
index d33abbe..6ece66d 100644
--- a/contrib/password_tab/password_policy_password_tab.module
+++ b/contrib/password_tab/password_policy_password_tab.module
@@ -12,36 +12,42 @@
  * Implementation of hook_menu().
  */
 function password_policy_password_tab_menu() {
-  return array(
-    'admin/settings/password_policy/password_tab' => array(
-      'title' => 'Password tab',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('password_policy_password_tab_admin_settings'),
-      'access arguments' => array('administer site configuration'),
-      'file' => 'password_policy_password_tab.admin.inc',
-    ),
-    'user/%user_category/edit/password' => array(
-      'title' => 'Password',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('password_policy_password_tab', 1),
-      'access callback' => 'user_edit_access',
-      'access arguments' => array(1),
-      'type' => MENU_LOCAL_TASK,
-      'file' => 'password_policy_password_tab.pages.inc',
-    ),
+  $items = array();
+
+  $items['admin/config/people/password_policy/password_tab'] = array(
+    'title' => 'Password tab',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('password_policy_password_tab_admin_settings'),
+    'access arguments' => array('administer site configuration'),
+    'file' => 'password_policy_password_tab.admin.inc',
+    'type' => MENU_LOCAL_TASK,
+    'weight' => 10,
+  );
+  $items['user/%user/password'] = array(
+    'title' => 'Password',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('password_policy_password_tab', 1),
+    'access callback' => 'user_edit_access',
+    'access arguments' => array(1),
+    'type' => MENU_LOCAL_TASK,
+    'file' => 'password_policy_password_tab.pages.inc',
   );
+
+  return $items;
 }
 
 /**
- * Implementation of hook_form_alter().
+ * Implementation of hook_form_USER_PROFILE_FORM_alter().
+ * 
+ * @see user_account_form()
  */
-function password_policy_password_tab_form_alter(&$form, $form_state, $form_id) {
-  switch ($form_id) {
-    case "user_profile_form":
-      // Hide core password field from user edit form.
-      unset($form['account']['pass']);
-      break;
-  }
+function password_policy_password_tab_form_user_profile_form_alter(&$form, &$form_state) {
+	if (isset($form['account']['current_pass_required_values']['#value']['pass'])) {
+		unset($form['account']['current_pass_required_values']['#value']['pass']);
+	}
+
+	// Hide core password field from user edit form.
+	unset($form['account']['pass']);
 }
 
 /**
@@ -66,9 +72,10 @@ function password_policy_password_tab_exit($destination = NULL) {
         $processed = TRUE;
         // Change the drupal_goto to our change password tab.
         $path .= '/password';
-        $query = isset($url_parts['query']) ? $url_parts['query'] : NULL;
-        $fragment = isset($url_parts['fragment']) ? $url_parts['fragment'] : NULL;
-        drupal_goto($path, $query, $fragment);
+        $opts = array();
+        if (isset($url_parts['fragment'])) { $opts['fragment'] = $url_parts['fragment']; }
+        if (isset($url_parts['query'])) { parse_str($url_parts['query'], $params); $opts['query'] = $params; }
+        drupal_goto($path, $opts);
       }
     }
   }
diff --git a/contrib/password_tab/password_policy_password_tab.pages.inc b/contrib/password_tab/password_policy_password_tab.pages.inc
index 4342bac..6387db1 100644
--- a/contrib/password_tab/password_policy_password_tab.pages.inc
+++ b/contrib/password_tab/password_policy_password_tab.pages.inc
@@ -8,18 +8,59 @@
 /**
  * Password change form.
  */
-function password_policy_password_tab(&$form_state, $account) {
-  $form['account']['pass'] = array(
+function password_policy_password_tab($form, &$form_state, $account) {
+	global $user;
+	
+	$form['#user'] = $account;
+	if ($user->uid == $account->uid) {
+		// To skip the current password field, the user must have logged in via a
+		// one-time link and have the token in the URL.
+		$pass_reset = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]);
+		$protected_values = array();
+		$current_pass_description = '';
+		// The user may only change their own password without their current
+		// password if they logged in via a one-time login link.
+		if (!$pass_reset) {
+			$protected_values['mail'] = t('E-mail address');
+			$protected_values['pass'] = t('Password');
+			$request_new = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
+			$current_pass_description = t('Enter your current password to change the %mail or %pass. !request_new.', array('%mail' => $protected_values['mail'], '%pass' => $protected_values['pass'], '!request_new' => $request_new));
+		}
+		// The user must enter their current password to change to a new one.
+		$form['current_pass_required_values'] = array(
+		  '#type' => 'value',
+		  '#value' => array('pass' => $protected_values['pass']),
+		);
+		$form['account']['current_pass'] = array(
+      '#type' => 'password', 
+      '#title' => t('Current password'), 
+      '#size' => 25, 
+      '#access' => !empty($protected_values), 
+      '#description' => $current_pass_description, 
+      '#weight' => -5, 
+      '#attributes' => array('autocomplete' => 'off'),
+		);
+
+		$form['#validate'][] = 'user_validate_current_pass';		
+	}
+	
+  $form['pass'] = array(
     '#type' => 'password_confirm',
-    '#description' => t('To change the current user password, enter the new password in both fields.'),
     '#size' => 25,
+    '#required' => TRUE,
+    '#description' => t('To change the current user password, enter the new password in both fields.'),
   );
+
+  
   $form['#uid'] = $account->uid;
   $form['_account'] = array('#type' => 'value', '#value' => $account);
-  $form['submit'] = array('#type' => 'submit', '#value' => t('Change'));
-  $form['#validate'] = array('password_policy_password_tab_validate');
-  $form['#submit'] = array('password_policy_password_tab_submit');
-  password_policy_form_alter($form, array(), 'user_profile_form');
+  
+  $form['actions'] = array('#type' => 'actions');
+  $form['actions']['submit'] = array(
+  	'#type' => 'submit',
+  	'#value' => t('Change'),
+  );
+
   return $form;
 }
 
@@ -43,10 +84,14 @@ function password_policy_password_tab_submit($form, &$form_state) {
   user_module_invoke('submit', $form_state['values'], $account, 'account');
   user_save($account, array('pass' => $form_state['values']['pass']));
   drupal_set_message(t('Password has been changed.'));
+
   if (variable_get('password_policy_password_tab_redirect', '') && !preg_match('/[?&]destination=/', $form['#action'])) {
     global $user;
     $redirect = parse_url(urldecode(strtr(variable_get('password_policy_password_tab_redirect', ''), array('%uid' => $user->uid))));
-    $form_state['redirect'] = array($redirect['path'], isset($redirect['query']) ? $redirect['query'] : NULL, isset($redirect['fragment']) ? $redirect['fragment'] : NULL);
+    $opts = array();
+    if (isset($redirect['fragment'])) { $opts['fragment'] = $redirect['fragment']; }
+    if (isset($redirect['query'])) { parse_str($redirect['query'], $params); $opts['query'] = $params; }
+    $form_state['redirect'] = array($redirect['path'], $opts);
   }
 }
 
diff --git a/password_policy.module b/password_policy.module
index 81c2fda..bce9367 100644
--- a/password_policy.module
+++ b/password_policy.module
@@ -408,9 +408,10 @@ function password_policy_form_alter(&$form, $form_state, $form_id) {
   switch ($form_id) {
     case 'user_profile_form':
     case 'user_register_form':
+    case 'password_policy_password_tab':
       // Force password change on user account.
       if (user_access('force password change')) {
-        if ($form['#user_category'] == 'account') {
+        if (isset($form['#user_category']) && $form['#user_category'] == 'account') {
           $force_change = db_query_range('SELECT force_change FROM {password_policy_force_change} WHERE uid=:uid', 0, 1, array(':uid' => $form['#user']->uid))->fetchField();
         }
         else {