Add comment to clarify why we disable the user and unconfirm the email
authorjoshuaruesweg <ruesweg@woltlab.com>
Thu, 18 Jun 2020 17:25:45 +0000 (19:25 +0200)
committerjoshuaruesweg <ruesweg@woltlab.com>
Thu, 18 Jun 2020 17:25:45 +0000 (19:25 +0200)
wcfsetup/install/files/lib/data/user/UserAction.class.php

index a0c4abf00d99097499e4b0bb7635c27b78199b70..794e8d965a9a9f735508ce1f0c110a5dfc52c668 100644 (file)
@@ -729,6 +729,10 @@ class UserAction extends AbstractDatabaseObjectAction implements IClipboardActio
        public function disable() {
                if (empty($this->objects)) $this->readObjects();
                
+               // We reset the activationCode (which indicates, that the user is not enabled) AND disable the email
+               // confirm status, because if the user can enable himself by an email confirmation and we do not reset 
+               // the email confirmed status, the behavior is undefined, because an user exists, which is not enabled
+               // but has a valid email address (Which doesn't usually happen). 
                $action = new UserAction($this->objects, 'update', [
                        'data' => [
                                'activationCode' => UserRegistrationUtil::getActivationCode(),