This week's book giveaway is in the General Computing forum. We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line! See this thread for details.
I don't think you'd want a password box to be sending itself to a client. Since you don't want to show the value anyway, let it be blank. Test the value on the server. If the admin types in a new password, set it on the user. If the value is blank, leave the current password as is.
If you want to allow blank passwords, you'll need something different. I'd suggest an explicit "Password Reset" page.