Solution
Ok, I found that it wasn't the login page.
This line:
$WA_fieldValuesStr = "".WA_SHA1Encryption(WA_RandomPassword(8, false, true, true, "")) ."";
Should be this:
$WA_fieldValuesStr = "".WA_SHA1Encryption($_SESSION['newpw']) ."";
Although I don't remember doing it, I must have been clicking on 'Random Password' instead of the actual session for the random password.