Untitled

<?php
        check_login('3');
        $select=mysql_query("SELECT username,password,email FROM login_users WHERE username='".$username."'");
        $s=mysql_fetch_array($select);
        if(!$_POST){

                $blank="<small><i>Leave the Password fields blank to not change them!</i></small>";
                echo"
                        <h2>
                                <a href=\"#\">Dashboard</a> &raquo; <a href=\"#\" class=\"active\">User Editor</a>
                        </h2>
                        <div id=\"main\">
                        <h3>Please make sure you save your password in a safe location so that you do not forget it!</h3>
                        <form action=\"index.php?page=user_edit\" method=\"post\">
                                Email Account:<br/> <input type=\"text\" name=\"email\" value=\"".$s['email']."\" /><br/><br/>
                                Current Password:<br/> <input type=\"password\" name=\"current_pass\" /> ".$blank." <br/><br/>
                                New Password:<br/> <input type=\"password\" name=\"new_pass\" /> ".$blank." <br/><br/>
                                Confirm New Password:<br/> <input type=\"password\" name=\"c_new_pass\" /> ".$blank." <br/><br/>
                                <input type=\"submit\" value=\"Update Profile\" />
                        </form>
                ";
        }
        elseif($_POST){
                $username=$_SESSION['username'];
                $email=$_POST['email'];
                $current_pass=md5($_POST['current_pass']);
                $new_pass=md5($_POST['new_pass']);
                $c_new_pass=md5($_POST['c_new_pass']);
                $count=mysql_num_rows($select);
                if($count==0){
                        echo"We were unable to find an account under this username.";
                }
                elseif(!preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $email)){
                        echo"Please enter a valid email address.";
                }
                elseif($email==NULL){
                        echo"You cannot leave your email blank.";
                }
                else
                {
                        if(strlen($current_pass)){
                                if($new_pass != $c_new_pass){
                                        echo"Your new passwords did not match.";
                                }
                                else
                                {
                                        mysql_query("UPDATE login_users SET email='".$email.", password='".$new_pass."' WHERE username='".$username."'");
                                }
                        }
                        else
                        {
                                mysql_query("UPDATE login_users SET email='".$email."' WHERE username='".$username."'");
                        }
                }
        }
?>
                                                        </tr>
                        </table>
                        <br>
                      </div>