diff -r cc85d241b81d -r 67e1a89d6bca src/cm/views/user.py
--- a/src/cm/views/user.py	Mon Mar 22 11:02:39 2010 +0100
+++ b/src/cm/views/user.py	Mon Mar 22 12:50:42 2010 +0100
@@ -394,6 +394,8 @@
         return HttpResponse('') # no redirect because this is called by js
     raise UnauthorizedException('')
 
+from django.contrib.auth.forms import PasswordChangeForm
+
 @login_required()
 def profile(request):
     user = request.user
@@ -401,6 +403,7 @@
     if request.method == 'POST':
         userform = UserForm(request.POST, instance=user)
         userprofileform = MyUserProfileForm(request.POST, instance=profile)
+        
         if userform.is_valid() and userprofileform.is_valid():
             userform.save()
             userprofileform.save()
@@ -414,6 +417,22 @@
                                                                'title' : 'Profile',
                                                                 }, context_instance=RequestContext(request))
 
+@login_required()
+def profile_pw(request):
+    user = request.user
+    profile = user.get_profile()
+    if request.method == 'POST':
+        pwform = PasswordChangeForm(profile.user, data = request.POST)
+        if pwform.is_valid():
+            pwform.save()
+            display_message(request, _(u'Password changed'))
+            return HttpResponseRedirect(reverse('profile'))
+    else:
+        pwform = PasswordChangeForm(profile.user)
+    return render_to_response('site/profile_pw.html', {'forms' : [pwform],
+                                                               'title' : 'Password',
+                                                                }, context_instance=RequestContext(request))
+
 class AnonUserRoleForm(UserRoleForm):
     def __init__(self, data=None, files=None, auto_id='id_%s', prefix=None,
                  initial=None, error_class=ErrorList, label_suffix=':',