From f8f44a0286b66f01e40e6ad1339804bb504ba881 Mon Sep 17 00:00:00 2001
From: Marco
Date: Tue, 26 Sep 2017 22:23:28 +0200
Subject: [PATCH] Show that users are to reconfirm their password for email changes
---
 README.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 82198b9..b0c857e 100644
--- a/README.md
+++ b/README.md
@@ -336,11 +336,16 @@ If a user is currently logged in, they may change their email address.
 ```php
 try {
- $auth->changeEmail($_POST['newEmail'], function ($selector, $token) {
- // send `$selector` and `$token` to the user (e.g. via email)
- });
+ if ($auth->reconfirmPassword($_POST['password'])) {
+ $auth->changeEmail($_POST['newEmail'], function ($selector, $token) {
+ // send `$selector` and `$token` to the user (e.g. via email)
+ });
- // the change will take effect as soon as the email address has been confirmed
+ // the change will take effect as soon as the email address has been confirmed
+ }
+ else {
+ // we can't say if the user is who they claim to be
+ }
 }
 catch (\Delight\Auth\InvalidEmailException $e) {
 // invalid email address