Please, don't store passwords in clear text - it is a huge security risk. Have a look here:
Password Storage: How to do it.[
^]
Plus, it is a good practice to do all your validation at the start of a method, so you don't wate time or resources loading stuff you won't use - except in you case, if the new passwords don't match you report a problem and them overwrite the old password anyway, so the user doesn't have a clue what his password is...
Other than that, check your names: "@upass" is not the same as "@pass"...