WB 2.11.0

<?php

/**

 *

 * @category        frontend

 * @package         account

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.x

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource        $HeadURL$

 * @lastmodified    $Date$

 *

 */

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }

// Get entered values

    $password = $wb->get_post('current_password');

    $email = $wb->get_post('email');

// validate password

    $sql  = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '

          . 'WHERE `user_id` = '.$wb->get_user_id().' AND `password` = \''.md5($password).'\'';

    $rowset = $database->query($sql);

// Validate values

    if($rowset->numRows() == 0) {

        $error[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];

    }else {

        if(!$wb->validate_email($email)) {

            $error[] = $MESSAGE['USERS_INVALID_EMAIL'];

        }else {

            $email = $wb->add_slashes($email);

// Update the database

            $sql  = 'UPDATE `'.TABLE_PREFIX.'users` '

                  . 'SET `email` = \''.$database->escapeString($email).'\' '

                  . 'WHERE `user_id` = \''.$wb->get_user_id().'\'';

             $database->query($sql);

            if($database->is_error()) {

                $error[] = $database->get_error();

            } else {

                $success[] = $MESSAGE['PREFERENCES_EMAIL_UPDATED'];

                $_SESSION['EMAIL'] = $email;

            }

        }

    }