get_post('current_password'); $email = $wb->get_post('email'); // validate password $sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` ' . 'WHERE `user_id` = '.$wb->get_user_id().' AND `password` = \''.md5($password).'\''; $rowset = $database->query($sql); // Validate values if($rowset->numRows() == 0) { $error[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT']; }else { if(!$wb->validate_email($email)) { $error[] = $MESSAGE['USERS_INVALID_EMAIL']; }else { $email = $wb->add_slashes($email); // Update the database $sql = 'UPDATE `'.TABLE_PREFIX.'users` ' . 'SET `email` = \''.$database->escapeString($email).'\' ' . 'WHERE `user_id` = \''.$wb->get_user_id().'\''; $database->query($sql); if($database->is_error()) { $error[] = $database->get_error(); } else { $success[] = $MESSAGE['PREFERENCES_EMAIL_UPDATED']; $_SESSION['EMAIL'] = $email; } } }