
if (!preg_match("/^[0-9A-Z]+$/i", $_POST['user_newpassword'])) {
$error .= LAN_444."
\n";
}with:if ($_POST['user_hash'] == $userdata['user_password']) {
if (!preg_match("/^[0-9A-Z]+$/i", $_POST['user_newpassword'])) {
$error .= LAN_444."
\n";
}
} else {
$error .= LAN_450."
\n";
}