Like the topic suggests, it'll be great if a user's account is temporarily disabled when he changes his email (probably set to "awaiting confirmation"), while an email confirmation is sent to him to be re-authenticated. SMF has a function like this.

That would be a great core option, but I wonder if it could be possible via user actions in a plugin, like...

onBeforeUserUpdate:
get the current e-mail value...
store as a state...

onAfterUserUpdate:
if the new e-mail field value <> the old one...
$user->confirmed = 0;
CB core e-mail approval function.

Seems like it could:
1) change the email address
2) Set the user to Not Confirmed (make sure it fires the onUserActive or similar event so that plugins can work on as needed)... may also need to set to Not Approved to disable site access until re-confirmed
3) Add a DB record similar to what happens when registering
4) Send them an e-mail confirmation e-mail same as when registering

Seems like the catch here might be if admin approval is turned on it may require re-approval by admin if using the exisiting core checks...

With that difficulty in mind it might be better to have a similar but different set of code handle e-mail change confirmations

Just thinking out loud...
Greg

Any solution to this subject yet?