codeigniter comes with a Form Validation Class you can find the documentation here.
Its purpose is exactly what its name suggest – It will help you validating your form input. Once you get used to it it comes in really handy.

This is how your controller could look:

public function change_password() {
   if ($this->input->post()) {
      // user submitted the form
      if (some_encryption_function($this->input->post('current_password'))==password_from_db) { // pseudo code

         $this->load->library('form_validation'); // this should probably belong somewhere else like in the constructor of the controller
         $this->form_validation->set_rules('new_password', 'New Password', 'trim|required|min_length[4]|max_length[12]|matches[confirm_password]');
         $this->form_validation->set_rules('confirm_password', 'Confirm Password', 'trim|required|min_length[4]|max_length[12]');

         if ($this->form_validation->run() == false) {
            data['message'] = validation_errors();
         } else {
            store_new_password_to_db($this->input->post('new_password');
            data['message'] = "Some success message";
         }
         $this->load->view('your_change_password_view',$data);
      }
   }
}

This is not a perfect example for the form validation class. Just because you could easily validate those 3 fields without its help. But as its already built in with codeigniter why not use it?