## edit.html.erb
  <% form_tag url_for(:action => "update") do %>
     <p><label for="old_password" class="block">Old Password</label><br />
     <%= password_field_tag 'old_password', @old_password, :size => 45 %></p>
    
     <p><label for="password" class="block">New Password</label><br />
     <%= password_field_tag 'password', {}, :size => 45 %><br />
     <small>Between 4 and 40 characters</small></p>
    
     <p><label for="password_confirmation"  class="block">Confirm new password</label><br />
     <%= password_field_tag 'password_confirmation', {}, :size => 45 %></p>
    
     <%= submit_tag 'Change password' %>
    
  <% end %>


##accounts_controller.rb

def edit
   end
   
   # Change password action  
   def update
   return unless request.post?
     if User.authenticate(current_user.login, params[:old_password])
       if ((params[:password] == params[:password_confirmation]) && !params[:password_confirmation].blank?)
         current_user.password_confirmation = params[:password_confirmation]
         current_user.password = params[:password]        
     if current_user.save
           flash[:notice] = "Password successfully updated."
           redirect_to root_path #profile_url(current_user.login)
         else
           flash[:error] = "An error occured, your password was not changed."
           render :action => 'edit'
         end
       else
         flash[:error] = "New password does not match the password confirmation."
         @old_password = params[:old_password]
         render :action => 'edit'      
       end
     else
       flash[:error] = "Your old password is incorrect."
       render :action => 'edit'
     end 
   end

##routes.rb
  map.change_password '/change_password', :controller => 'accounts', :action => 'edit'

##menu link in layout
           <li><%= link_to 'Change Password', change_password_path %></li>