Index: includes/user.php
===================================================================
--- includes/user.php	(revision 21626)
+++ includes/user.php	(working copy)
@@ -42,6 +42,9 @@
 	if ( !$update && isset( $_POST['user_login'] ) )
 		$user->user_login = sanitize_user($_POST['user_login'], true);
 
+	if ( isset( $_POST['old-pass'] ))
+		$oldpass = $_POST['old-pass'];
+
 	$pass1 = $pass2 = '';
 	if ( isset( $_POST['pass1'] ))
 		$pass1 = $_POST['pass1'];
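Review bot: `$oldpass` is assigned only when `old-pass` is present in the request, so the `if ( !$oldpass )` test added in the second hunk reads an undefined variable whenever the field is missing. The check still fails closed, because an unset value is treated as "not entered", but it raises a notice and makes the guard depend on implicit null handling. Initialise it unconditionally, as is done for `$pass1`/`$pass2` just below: `$oldpass = isset( $_POST['old-pass'] ) ? $_POST['old-pass'] : '';`. The enclosing function starts and ends outside this hunk.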
@@ -108,6 +111,20 @@
 	if ( $user->user_login == '' )
 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ));
 
+	/* checking old password has been entered and is correct */
+	$user_data = get_userdata($user->ID);
+
+	if ( $update && !empty($pass1) && !empty($pass2) ) {
+		if ( !$oldpass ) {
+			if ( IS_PROFILE_PAGE )
+				$errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter your current password.' ), array( 'form-field' => 'old-pass' ) );
+			else 
+				$errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter the user\'s current password.' ), array( 'form-field' => 'old-pass' ) );
+		}
+		elseif ( !wp_check_password($oldpass, $user_data->user_pass) )
+			$errors->add( 'pass', __( '<strong>ERROR</strong>: Current password is incorrect.' ), array( 'form-field' => 'old-pass' ) );
+	}
+
 	/* checking the password has been typed twice */
 	do_action_ref_array( 'check_passwords', array ( $user->user_login, & $pass1, & $pass2 ));
 
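Review bot: On the non-profile branch the submitted value is verified against the edited account's hash (`$user_data->user_pass`, loaded with `get_userdata($user->ID)`), so an administrator changing another user's password must know that user's current password, and the check proves nothing about who is operating the session. If the intent is re-authentication before a credential change, that branch should verify the acting user instead, e.g. `wp_check_password( $oldpass, wp_get_current_user()->user_pass )`, with the error text asking for your own password. Separately, `get_userdata($user->ID)` runs even when `$update` is false, where `$user->ID` is presumably unset, and its result is dereferenced without a check; move the lookup inside the `$update` block and treat a false return as a failed check. The enclosing function starts and ends outside this hunk.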
Index: user-edit.php
===================================================================
--- user-edit.php	(revision 21626)
+++ user-edit.php	(working copy)
@@ -370,15 +370,25 @@
 	<td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // textarea_escaped ?></textarea><br />
 	<span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
 </tr>
+</table>
 
+<h3><?php _e('Change Password'); ?></h3>
+<table class="form-table">
 <?php
 $show_password_fields = apply_filters('show_password_fields', true, $profileuser);
+( IS_PROFILE_PAGE ) ? $subject = 'your' : $subject = 'the user\'s';
 if ( $show_password_fields ) :
 ?>
+<tr id="old-password">
+	<th><label for="old-pass"><?php _e('Current Password'); ?></label></th>
+	<td><input type="password" name="old-pass" id="old-pass" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("First type ".$subject." current password in order to set a new password. Otherwise leave this blank."); ?></span></td>
+
+
+</tr>
 <tr id="password">
 	<th><label for="pass1"><?php _e('New Password'); ?></label></th>
-	<td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span><br />
-		<input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type your new password again."); ?></span><br />
+	<td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type a new password."); ?></span><br />
+		<input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type the new password again."); ?></span><br />
 		<div id="pass-strength-result"><?php _e('Strength indicator'); ?></div>
 		<p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
 	</td>
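Review bot: The description for the new `old-pass` field is built as `_e("First type ".$subject." current password …")`, which hands a run-time concatenation to the translation call. String extraction only picks up literals, so this sentence presumably cannot be translated, and the `'your'` / `'the user\'s'` fragments are spliced in untranslated. Select between two complete literals instead, e.g. `IS_PROFILE_PAGE ? _e('First type your current password in order to set a new password. Otherwise leave this blank.') : _e('First type the user\'s current password in order to set a new password. Otherwise leave this blank.');`, and drop the `$subject` line, which assigns inside a ternary used as a statement. The added `</table>` / `<table class="form-table">` pair depends on a closing tag outside this hunk, which is not visible here.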
