I'm in a rush to release so I am adding features that are needed to make it usable.

update_email.php

@@ -0,0 +1,97 @@
+<?php
+session_start();
+require_once 'includes/globals.php';
+require_once 'vendor/autoload.php';
+
+use DJMixHosting\Database;
+use Aws\Ses\SesClient;
+use Aws\Exception\AwsException;
+
+if (!isset($_SESSION['user'])) {
+    header("Location: login.php");
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    header("Location: profile.php");
+    exit;
+}
+
+if (!isset($_POST['new_email']) || empty($_POST['new_email'])) {
+    $_SESSION['error'] = "New email address is required.";
+    header("Location: profile.php");
+    exit;
+}
+
+$new_email = filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL);
+if (!$new_email) {
+    $_SESSION['error'] = "Invalid email format.";
+    header("Location: profile.php");
+    exit;
+}
+
+$db = new Database($config);
+$userId = $_SESSION['user']['id'];
+
+// Update the user's email and mark it as unverified
+$stmt = $db->prepare("UPDATE users SET email = ?, emailVerified = 0 WHERE id = ?");
+$stmt->bind_param("si", $new_email, $userId);
+$stmt->execute();
+$stmt->close();
+
+// Generate verification code and expiry (15 minutes from now)
+$verification_code = bin2hex(random_bytes(16));
+$expires_at = date("Y-m-d H:i:s", strtotime("+15 minutes"));
+
+// Store the verification record (using REPLACE to update any existing record for this user and email)
+$stmt = $db->prepare("REPLACE INTO email_verifications (user_id, email, verification_code, expires_at) VALUES (?, ?, ?, ?)");
+$stmt->bind_param("isss", $userId, $new_email, $verification_code, $expires_at);
+$stmt->execute();
+$stmt->close();
+
+// Send email using AWS SES with config settings
+$sesClient = new SesClient([
+    'version' => 'latest',
+    'region'  => $config['aws']['ses']['region'],
+    'credentials' => [
+        'key'    => $config['aws']['ses']['access_key'],
+        'secret' => $config['aws']['ses']['secret_key'],
+    ]
+]);
+
+$sender_email = $config['aws']['ses']['sender_email'];
+$recipient_email = $new_email;
+$subject = "Verify Your Email Address";
+
+// Construct a verification link. Users can click this link to auto-submit the code.
+$verification_link = $config['app']['url'] . "/verify_email.php?code={$verification_code}";
+$body_text = "Please verify your email address by clicking the link below or by entering the code in your profile:\n\n";
+$body_text .= "{$verification_link}\n\nYour verification code is: {$verification_code}\nThis code will expire in 15 minutes.";
+
+try {
+    $result = $sesClient->sendEmail([
+        'Destination' => [
+            'ToAddresses' => [$recipient_email],
+        ],
+        'ReplyToAddresses' => [$sender_email],
+        'Source' => $sender_email,
+        'Message' => [
+            'Body' => [
+                'Text' => [
+                    'Charset' => 'UTF-8',
+                    'Data' => $body_text,
+                ],
+            ],
+            'Subject' => [
+                'Charset' => 'UTF-8',
+                'Data' => $subject,
+            ],
+        ],
+    ]);
+    $_SESSION['success'] = "Email updated. A verification email has been sent to your new address.";
+} catch (AwsException $e) {
+    $_SESSION['error'] = "Failed to send verification email: " . $e->getAwsErrorMessage();
+}
+
+header("Location: profile.php");
+exit;