Something like this should point you in the right direction:
function updateUser($newPassword = '', $newEmail=""){
$update = array();
if(!empty($newPassword))
$update['user_pass'] = $newPassword;
if(!empty($newEmail))
$update['user_email'] = $newEmail;
if(!empty($update)){
$update['ID'] = wp_get_current_user_id();
return wp_update_user($update);
}
return;
}
See wp_update_user() for more info on how that function works. You should also verify the source of the post data with a nonce.