I would personally recommend separating the Ajax requests by checking the old password when the user leaves the old password input (onblur) and have its own handler / success function and a second function to handle the actual changing of the password.
given this markup:
<input type="text" id="oldPassword" value="" />
<input type="text" id="newPassword" name="newPassword" value="" />
<input type="text" id="confirmNewPassword" name="confirmNewPassword" value="" />
<input type="button" id="submitButton" value="Reset Password" />
and this (pseudo code)JS:
<script type="text/javascript">
//some doc ready-ish function
$('#oldPassword').blur(function(){
//ajax request to validate the pw
//trigger some success / failure message
//if failure, disable your #submitButton by unbinding the click event or something to that effect
//if its successful, make sure you're submit button event is bound again
});
$('#submitButton').click(function(){
//perform new pw validation
//submit your reset password request
});
</script>