diff -r 67a4c839c7e1 -r fcc42560afe6 plugins/SpecialUserPrefs.php
--- a/plugins/SpecialUserPrefs.php	Sun Aug 09 01:27:45 2009 -0400
+++ b/plugins/SpecialUserPrefs.php	Mon Aug 10 22:43:26 2009 -0400
@@ -212,11 +212,10 @@
             $db->_die();
           $row = $db->fetchrow();
           $db->free_result();
-          $old_pass = $session->pk_decrypt($row['password'], ENC_HEX);
           
           $new_email = $_POST['newemail'];
           
-          $result = $session->update_user($session->user_id, false, $old_pass, false, $new_email);
+          $result = $session->change_email($session->user_id, $new_email);
           if ( $result != 'success' )
           {
             $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';
@@ -226,9 +225,9 @@
           $email_changed = true;
         }
         // Obtain password
-        if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) )
+        if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled )
         {
-          $newpass = $session->get_aes_post('newpass');
+          $newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass');
           // At this point we know if we _want_ to change the password...
           
           // We can't check the password to see if it matches the confirmation
@@ -274,10 +273,31 @@
                   redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
                 }
               }
-              $session->login_without_crypto($session->username, $newpass);
+              $session->login_without_crypto($username, $newpass);
               redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
             }
           }
+          else if ( $email_changed )
+          {
+            $session->logout(USER_LEVEL_CHPREF);
+            $activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none');
+            switch($activation)
+            {
+              default:
+                $message_body = $lang->get('usercp_emailpassword_msg_password_changed');
+                $timeout = 5;
+                break;
+              case 'admin':
+                $message_body = $lang->get('usercp_emailpassword_msg_need_activ_user');
+                $timeout = 20;
+                break;
+              case 'user':
+                $message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin');
+                $timeout = 20;
+                break;
+            }
+            redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout);
+          }
         }
       }
       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
@@ -308,20 +328,32 @@
       }
       
       echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
+      echo '<fieldset>';
+      echo '<legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>';
       
       // Password change form
+      if ( $session->password_change_disabled )
+      {
+        echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled') . '</p>';
+        if ( $session->password_change_dest['url'] )
+        {
+          echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled_url') . '
+                   <a onclick="window.open(this.href); return false;" href="' . htmlspecialchars($session->password_change_dest['url']) . '">' . htmlspecialchars($session->password_change_dest['title']) . '</a></p>';
+        }
+      }
+      else
+      {
+      echo $lang->get('usercp_emailpassword_field_newpass') . '<br />
+                <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
+              <br />
+              <br />
+              ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />
+              <input type="password" name="newpass_confirm" size="30" tabindex="2" />
+              ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
+              <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' );
+      }
+      echo '</fieldset><br />';
       echo '<fieldset>
-        <legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>
-        ' . $lang->get('usercp_emailpassword_field_newpass') . '<br />
-          <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
-        <br />
-        <br />
-        ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />
-        <input type="password" name="newpass_confirm" size="30" tabindex="2" />
-        ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
-        <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ) . '
-      </fieldset><br />
-      <fieldset>
         <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>
         ' . $lang->get('usercp_emailpassword_field_newemail') . '<br />
           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />
@@ -333,12 +365,14 @@
       <br />
       <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';
       
-      echo $session->generate_aes_form();
+      if ( !$session->password_change_disabled )
+        echo $session->generate_aes_form();
+      
       echo '</form>';
       
       // ENCRYPTION CODE
       ?>
-      <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
+      <?php if ( !$session->password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?>
       <script type="text/javascript">
       addOnloadHook(function()
         {