diff --git a/modules/user.module b/modules/user.module
index 1fe27acd3402ba70a7f38e3921bc5105f82324d7..7e0e24688694bb2d24705f31e2fcde2d8c75f673 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -1259,25 +1259,7 @@ function user_edit($category = 'account') {
   $account = user_load(array('uid' => arg(1)));
   $edit = $_POST['op'] ? $_POST['edit'] : object2array($account);
 
-  if ($_POST['op'] == t('Submit')) {
-    user_module_invoke('validate', $edit, $account, $category);
-
-    if (!form_get_errors()) {
-      // Validate input to ensure that non-privileged users can't alter protected data.
-      if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
-          (!user_access('administer access control') && isset($edit['roles']))) {
-        watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
-      }
-      else {
-        user_save($account, $edit, $category);
-        // Delete that user's menu cache.
-        cache_clear_all('menu:'. $account->uid, TRUE);
-        drupal_set_message(t('The changes have been saved.'));
-        drupal_goto("user/$account->uid");
-      }
-    }
-  }
-  else if (arg(2) == 'delete') {
+  if (arg(2) == 'delete') {
     if ($edit['confirm']) {
       db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
       db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
@@ -1297,6 +1279,8 @@ function user_edit($category = 'account') {
   }
 
   $form = _user_forms($edit, $account, $category);
+  $form['_category'] = array('#type' => 'value', '#value' => $category);
+  $form['_account'] = array('#type' => 'value', '#value' => $account);
   $form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
   if (user_access('administer users')) {
     $form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
@@ -1307,6 +1291,26 @@ function user_edit($category = 'account') {
   return drupal_get_form('user_edit', $form);
 }
 
+function user_edit_validate($form_id, $form_values) {
+  user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
+  // Validate input to ensure that non-privileged users can't alter protected data.
+  if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
+    $message = t('Detected malicious attempt to alter protected user fields.');
+    watchdog('security', $message, WATCHDOG_WARNING);
+    // set this to a value type field
+    form_set_error('category', $message);
+  }
+}
+
+function user_edit_submit($form_id, $form_values) {
+  $account = $form_values['_account'];
+  user_save($account, $form_values, $form_values['_category']);
+  // Delete that user's menu cache.
+  cache_clear_all('menu:'. $account->uid, TRUE);
+  drupal_set_message(t('The changes have been saved.'));
+  drupal_goto('user/'. $account->uid);
+}
+
 function user_view($uid = 0) {
   global $user;
 
@@ -1920,7 +1924,7 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
       $groups = array_merge($data, $groups);
     }
   }
-  usort($groups, '_user_sort');
+  uasort($groups, '_user_sort');
 
   return empty($groups) ? FALSE : $groups;
 }
diff --git a/modules/user/user.module b/modules/user/user.module
index 1fe27acd3402ba70a7f38e3921bc5105f82324d7..7e0e24688694bb2d24705f31e2fcde2d8c75f673 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1259,25 +1259,7 @@ function user_edit($category = 'account') {
   $account = user_load(array('uid' => arg(1)));
   $edit = $_POST['op'] ? $_POST['edit'] : object2array($account);
 
-  if ($_POST['op'] == t('Submit')) {
-    user_module_invoke('validate', $edit, $account, $category);
-
-    if (!form_get_errors()) {
-      // Validate input to ensure that non-privileged users can't alter protected data.
-      if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
-          (!user_access('administer access control') && isset($edit['roles']))) {
-        watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
-      }
-      else {
-        user_save($account, $edit, $category);
-        // Delete that user's menu cache.
-        cache_clear_all('menu:'. $account->uid, TRUE);
-        drupal_set_message(t('The changes have been saved.'));
-        drupal_goto("user/$account->uid");
-      }
-    }
-  }
-  else if (arg(2) == 'delete') {
+  if (arg(2) == 'delete') {
     if ($edit['confirm']) {
       db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
       db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
@@ -1297,6 +1279,8 @@ function user_edit($category = 'account') {
   }
 
   $form = _user_forms($edit, $account, $category);
+  $form['_category'] = array('#type' => 'value', '#value' => $category);
+  $form['_account'] = array('#type' => 'value', '#value' => $account);
   $form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
   if (user_access('administer users')) {
     $form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
@@ -1307,6 +1291,26 @@ function user_edit($category = 'account') {
   return drupal_get_form('user_edit', $form);
 }
 
+function user_edit_validate($form_id, $form_values) {
+  user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
+  // Validate input to ensure that non-privileged users can't alter protected data.
+  if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
+    $message = t('Detected malicious attempt to alter protected user fields.');
+    watchdog('security', $message, WATCHDOG_WARNING);
+    // set this to a value type field
+    form_set_error('category', $message);
+  }
+}
+
+function user_edit_submit($form_id, $form_values) {
+  $account = $form_values['_account'];
+  user_save($account, $form_values, $form_values['_category']);
+  // Delete that user's menu cache.
+  cache_clear_all('menu:'. $account->uid, TRUE);
+  drupal_set_message(t('The changes have been saved.'));
+  drupal_goto('user/'. $account->uid);
+}
+
 function user_view($uid = 0) {
   global $user;
 
@@ -1920,7 +1924,7 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
       $groups = array_merge($data, $groups);
     }
   }
-  usort($groups, '_user_sort');
+  uasort($groups, '_user_sort');
 
   return empty($groups) ? FALSE : $groups;
 }