Index: lang/en_utf8/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lang/en_utf8/auth.php,v
retrieving revision 1.39
diff -u -r1.39 auth.php
--- lang/en_utf8/auth.php	29 Feb 2008 22:12:07 -0000	1.39
+++ lang/en_utf8/auth.php	18 Mar 2008 09:21:46 -0000
@@ -1,4 +1,4 @@
-<?php // $Id: auth.php,v 1.39 2008/02/29 22:12:07 nicolasconnault Exp $ 
+<?php // $Id: auth.php,v 1.42 2008/03/13 15:45:16 nicolasconnault Exp $ 
       // auth.php - created with Moodle 1.5 UNSTABLE DEVELOPMENT (2005010100)
 
 
@@ -117,6 +117,18 @@
 $string['auth_emailtitle'] = 'Email-based self-registration';
 $string['auth_emailnoinsert'] = 'Could not add your record to the database!';
 $string['auth_emailnoemail'] = 'Tried to send you an email but failed!';
+$string['auth_emailrecaptcha'] = 'Adds a visual/audio confirmation form element to the signup page for email self-registering users. This protects your site against spammers and contributes to a worthwhile cause. See http://recaptcha.net/learnmore.html for more details.';
+$string['auth_emailrecaptcha_key'] = 'Enable reCAPTCHA element';
+$string['auth_emailsettings'] = 'Settings';
+$string['auth_emailupdatemessage'] = 'You have requested a change of your email address for your user account at $a->site. Please open the following URL in your browser in order to confirm this change.
+
+$a->url';
+$string['auth_emailupdatetitle'] = 'Confirmation of email update';
+$string['auth_invalidnewemailkey'] = 'Error: if you are trying to confirm a change of email address, you may have made a mistake in copying the URL we sent you by email. Please copy the address and try again.'; 
+$string['auth_emailupdatesuccess'] = 'Your email address was successfully updated to $a->email.';
+$string['auth_outofnewemailupdateattempts'] = 'You have run out of allowed attempts to update your email address. Your update request has been cancelled.';
+$string['auth_emailupdate'] = 'Email address update';
+$string['auth_changingemailaddress'] = 'You have requested a change of email address, from $a->oldemail to $a->newemail. For security reasons, we are sending you an email message at the new address to confirm that it belongs to you. Your email address will be updated as soon as you open the URL sent to you in that message.';
 
 // FirstClass plugin
 $string['auth_fccreators'] = 'List of groups whose members are allowed to create new courses. Separate multiple groups with \';\'. Names must be spelled exactly as on FirstClass server. System is case-sensitive.';
@@ -374,5 +386,11 @@
 $string['unlocked'] = 'Unlocked';
 $string['unlockedifempty'] = 'Unlocked if empty';
 $string['locked'] = 'Locked';
-
+$string['incorrectpleasetryagain'] = 'Incorrect. Please try again.';
+$string['enterthewordsabove'] = 'Enter the words above';
+$string['enterthenumbersyouhear'] = 'Enter the numbers you hear';
+$string['getanothercaptcha'] = 'Get another CAPTCHA';
+$string['getanaudiocaptcha'] = 'Get an audio CAPTCHA';
+$string['getanimagecaptcha'] = 'Get an image CAPTCHA';
+$string['recaptcha'] = 'reCAPTCHA';
 ?>
Index: user/edit.php
===================================================================
RCS file: /cvsroot/moodle/moodle/user/edit.php,v
retrieving revision 1.172
diff -u -r1.172 edit.php
--- user/edit.php	26 Feb 2008 12:46:51 -0000	1.172
+++ user/edit.php	18 Mar 2008 09:22:10 -0000
@@ -93,6 +93,22 @@
 
         add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');
 
+        $email_changed = false;
+        $email_changed_html = '';
+
+        // Handle change of email carefully
+        if ($user->email != $usernew->email) {
+            $a = new stdClass();
+            $a->newemail = $usernew->preference_newemail = $usernew->email;
+            $usernew->preference_newemailkey = random_string(30);
+            $usernew->preference_newemailattemptsleft = 3;
+            $a->oldemail = $usernew->email = $user->email;
+            
+            $email_changed_html = print_box(get_string('auth_changingemailaddress', 'auth', $a), 'generalbox', 'notice', true);
+            $email_changed_html .= print_continue("$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$course->id", true);
+            $email_changed = true;
+        }
+
         $authplugin = get_auth_plugin($user->auth);
 
         $usernew->timemodified = time();
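Review bot: The confirmation key on the `random_string(30)` line is the only secret protecting the address change, and the generator behind `random_string()` is not visible in this hunk. If it draws from `rand()`/`mt_rand()`, the key should come from a cryptographically secure source instead, since a predictable key would let someone other than the mailbox owner confirm the change. The chained assignment `$a->oldemail = $usernew->email = $user->email;` also deserves a comment such as `// keep the old address on the record until the new one is confirmed`, because it reverts the submitted value before the record is saved, which presumably happens later in the block. The enclosing form-handling block starts and ends outside the hunk.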
@@ -130,6 +146,23 @@
 
         // save custom profile fields data
         profile_save_data($usernew);
+        
+        // If email was changed, send confirmation email now
+        if ($email_changed) {
+            $temp_user = fullclone($user);
+            $temp_user->email = $usernew->preference_newemail;
+
+            $a = new stdClass();
+            $a->url = $CFG->wwwroot . '/user/emailupdate.php?key=' . $usernew->preference_newemailkey . '&id=' . $user->id;
+            $a->site = $SITE->fullname;
+
+            $emailupdatemessage = get_string('auth_emailupdatemessage', 'auth', $a);
+            $emailupdatetitle = get_string('auth_emailupdatetitle', 'auth');
+
+            if(!$mail_results = email_to_user($temp_user, get_admin(), $emailupdatetitle, $emailupdatemessage)) {
+                die("could not send email!");
+            }
+        } 
 
         if ($USER->id == $user->id) {
             // Override old $USER session variable if needed
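Review bot: The confirmation message goes only to the new address (`$temp_user->email = $usernew->preference_newemail`), so the holder of the current address gets no signal that a change was requested on the account. A second `email_to_user()` call to the unmodified `$user` would let the legitimate owner notice a change they did not make. Separately, `die("could not send email!")` runs after `profile_save_data($usernew)`, bypasses the localised error path and apparently leaves the pending new-email values stored. Reporting the failure through `error()` with a language string, and clearing those values, would be safer. The surrounding block continues outside the hunk.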
@@ -139,7 +172,10 @@
             }
         }
         events_trigger('user_updated', $usernew);
-        redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
+
+        if (!$email_changed) {
+            redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
+        }
     }
 
 
@@ -164,8 +200,12 @@
     $currenttab = 'editprofile';
     require('tabs.php');
 
-/// Finally display THE form
-    $userform->display();
+    if ($email_changed) {
+        echo $email_changed_html;
+    } else {
+    /// Finally display THE form
+        $userform->display();
+    }
 
 /// and proper footer
     print_footer($course);
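Review bot: `$email_changed` is read here at page level, but its only visible initialisation (`$email_changed = false;` in the hunk at line 93) sits at the deeper indentation of the submit-handling block, so on a plain page load it appears to be undefined. That raises a notice and relies on an unset variable being falsy to decide whether the form is shown. Moving `$email_changed = false;` and `$email_changed_html = '';` above the form-processing block makes the display branch explicit. The block boundaries are outside the visible hunks, so this is inferred from the indentation.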
Index: user/emailupdate.php
===================================================================
RCS file: user/emailupdate.php
diff -N user/emailupdate.php
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ user/emailupdate.php	1 Jan 1970 00:00:00 -0000
@@ -0,0 +1,51 @@
+<?php // $Id: editadvanced.php,v 1.28 2008/02/26 06:43:54 scyrma Exp $
+
+require_once('../config.php');
+require_once($CFG->libdir.'/adminlib.php');
+httpsrequired();
+
+$key = required_param('key', PARAM_TEXT);
+$id  = required_param('id', PARAM_INT);
+
+$user = get_record('user', 'id', $id);
+$preferences = get_user_preferences(null, null, $id);
+
+$stremailupdate = get_string('auth_emailupdate', 'auth');
+print_header("$SITE->fullname: $stremailupdate", "$SITE->fullname: $stremailupdate");
+
+$cancel_email_update = false;
+
+if (empty($preferences['newemailattemptsleft'])) {
+    redirect("$CFG->wwwroot/user/view.php?id=$user->id");
+} elseif ($preferences['newemailattemptsleft'] < 1) {
+    $cancel_email_update = true;
+    $stroutofattempts = get_string('auth_outofnewemailupdateattempts', 'auth');
+    print_simple_box($stroutofattempts, 'center', '50%');
+} elseif ($key == $preferences['newemailkey']) {
+    $user->email = $preferences['newemail'];
+
+    // update user email
+    if (!update_record('user', $user)) {
+        error('Error updating user record');
+    } else {
+        events_trigger('user_updated', $user);
+        $stremailupdatesuccess = get_string('auth_emailupdatesuccess', 'auth', $user);
+        print_simple_box($stremailupdatesuccess, 'center', '50%');
+        print_continue("$CFG->wwwroot/user/view.php?id=$user->id", true);
+
+        $cancel_email_update = true; 
+    } 
+} else {
+    $preferences['newemailattemptsleft']--;
+    set_user_preference('newemailattemptsleft', $preferences['newemailattemptsleft'], $user->id);
+    $strinvalidkey = get_string('auth_invalidnewemailkey', 'auth');
+    print_simple_box($strinvalidkey, 'center', '50%');
+}
+
+if ($cancel_email_update) {
+    unset_user_preference('newemail', $user->id);
+    unset_user_preference('newemailkey', $user->id);
+    unset_user_preference('newemailattemptsleft', $user->id);
+}
+print_footer('none');
+?>
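Review bot: The out-of-attempts branch cannot be reached, because `empty($preferences['newemailattemptsleft'])` is true for a stored value of 0; once the counter runs out the page only redirects, the cancellation message is never shown, and `newemail`/`newemailkey` are never unset. Testing presence with `if (!isset($preferences['newemailattemptsleft'])) {` fixes that. The key check should be strict and guard a missing preference, `} elseif (isset($preferences['newemailkey']) && $key === $preferences['newemailkey']) {`, since `==` applies PHP's loose comparison to a secret. `$user` is also dereferenced without checking that `get_record()` found a row, and nothing visible ties the request to a logged-in session, so any visitor who supplies an `id` can use up that user's three attempts.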