diff --git a/mod/settings.php b/mod/settings.php
index 56526b7e79..3d3688e29b 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -314,6 +314,8 @@ function settings_post(&$a) {
 $err = true;
 }
+ // check if the old password was supplied correctly before
+ // changing it to the new value
 $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
 if( $oldpass != $r[0]['password'] ) {
 notice( t('Wrong password.') . EOL);
@@ -401,8 +403,17 @@ function settings_post(&$a) {
 if($email != $a->user['email']) {
 $email_changed = true;
- if(! valid_email($email))
- $err .= t(' Not valid email.');
+ // check for the correct password
+ $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
+ $password = hash('whirlpool', $_POST['password']);
+ if ($password != $r[0]['password']) {
+ $err .= t('Wrong Password') . EOL;
+ $email = $a->user['email'];
+ }
+ // check the email is valid
+ if(! valid_email($email))
+ $err .= t(' Not valid email.');
+ // ensure new email is not the admin mail
 if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
 $err .= t(' Cannot change to that email.');
 $email = $a->user['email'];
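Review bot: In the second hunk the new password check compares the whirlpool digest with loose `!=` and reads `$_POST['password']` and `$r[0]['password']` without checking they exist, so a missing field or empty query result raises a notice, and the comparison is neither strict nor constant-time. I would write `$password = hash('whirlpool', isset($_POST['password']) ? $_POST['password'] : '');` and `if (! count($r) || ! hash_equals($r[0]['password'], $password)) {` (falling back to `!==` where `hash_equals` is unavailable), which also treats an empty result as a failed check rather than a silent pass. Note that `$email_changed` stays true when the password is wrong even though `$email` is reset to the stored value, which presumably matters to whatever consumes that flag later in the function — worth confirming. settings_post() starts and ends outside the hunk.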