Deal with issues described by Jon in issues #203.
The main point of the changes are to require that the old password is provided when changing your password. This holds true even for admins changing their own password in red-dot. Note though, that when an admin changes another user's password in red-dot, old password is not required, which is somewhat in conflict with the overall goal, but hey, we want to be practical too. I ended up removing password modification from the profile page, and use the already existing changepswd page, which I cleaned up and turned into a first class ajax citizen to make the page operate smoother.
Showing with 368 additions and 250 deletions