Wrong message on cancelling account with e-mail confirmation request

Created on 21 June 2018, over 7 years ago
Updated 8 March 2023, over 2 years ago

Problem/Motivation

When users cancel their own account, they're displayed with the message "A confirmation request to cancel your account has been sent to your e-mail address" - which is absolutely correct for this case.

However, when an admin cancels a user account and chooses to e-mail a confirmation request to such user, the same message is displayed - which is not correct. It should be something along the line of "A confirmation request to cancel this user account has been sent to the userโ€™s e-mail address"

When an admin cancels a user account without choosing to e-mail a confirmation request to the user, all is well and a correct message is displayed (user@email.com was deleted).

<!--break-->

What are the steps required to reproduce the bug?
1. As an admin, click the 'cancel account' link for any user (other than yourself)
2. Tick the 'Require e-mail confirmation to cancel account' option
3. Click the 'cancel account' button

What behavior were you expecting?
The admin should see a message similar to "A confirmation request to cancel this user account has been sent to the userโ€™s e-mail address".

What happened instead?
The admin sees the message "A confirmation request to cancel your account has been sent to your e-mail address" - which would be the expected behaviours if a user was cancelling his/her own account.
This message leads to confusion for admins (who actually reported this bug).

Proposed resolution

In /modules/user/user.pages.inc (in the submit handler for the user_cancel_submit_form), in the event the user account is not cancelled immediately, we need to introduce a new message aimed at admins cancelling other users' accounts.
I can't create patches, but the simple solution is highlighted below:

/**
 * Submit handler for the account cancellation confirm form.
 *
 * @see user_cancel_confirm_form()
 * @see user_multiple_cancel_confirm_submit()
 */
function user_cancel_confirm_form_submit($form, &$form_state) {
  global $user;
  $account = $form_state['values']['_account'];

  // Cancel account immediately, if the current user has administrative
  // privileges, no confirmation mail shall be sent, and the user does not
  // attempt to cancel the own account.
  if (user_access('administer users') && empty($form_state['values']['user_cancel_confirm']) && $account->uid != $user->uid) {
    user_cancel($form_state['values'], $account->uid, $form_state['values']['user_cancel_method']);

    $form_state['redirect'] = 'admin/people';
  }
  else {
    // Store cancelling method and whether to notify the user in $account for
    // user_cancel_confirm().
    $edit = array(
      'user_cancel_method' => $form_state['values']['user_cancel_method'],
      'user_cancel_notify' => $form_state['values']['user_cancel_notify'],
    );
    $account = user_save($account, $edit);
    _user_mail_notify('cancel_confirm', $account);

    /* START OF CHANGE */
    if ($account->uid != $user->uid) {
      drupal_set_message(t('A confirmation request to cancel this user account has been sent to the userโ€™s e-mail address.'));
    }
    else {
      drupal_set_message(t('A confirmation request to cancel your account has been sent to your e-mail address.'));
    }
    /* END OF CHANGE */

    watchdog('user', 'Sent account cancellation request to %name %email.', array('%name' => $account->name, '%email' => '<' . $account->mail . '>'), WATCHDOG_NOTICE);

    $form_state['redirect'] = "user/$account->uid";
  }
}

Thanks,
Luca

๐Ÿ› Bug report
Status

Needs work

Version

10.1 โœจ

Component
User moduleย  โ†’

Last updated 27 days ago

Created by

๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom jaxtheking

Live updates comments and jobs are added and updated live.
  • Needs backport to D7

    After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024