boxwise · HaGuesto · Mar 23, 2026 · Feb 6, 2026 · Feb 6, 2026 · Feb 6, 2026
diff --git a/assets/js/custom.js b/assets/js/custom.js
@@ -631,9 +631,6 @@ $(".delete-user").on("click", function (e) {
         $.ajax({
             type: "post",
             url: "ajax.php?file=deleteprofile",
-            data: {
-                cms_user_id: el.data("id"),
-            },
             dataType: "json",
             success: function (result) {
                 AjaxCheckSuccess(result);

diff --git a/library/ajax/deleteprofile.php b/library/ajax/deleteprofile.php
@@ -1,14 +1,15 @@
 <?php
 
 db_transaction(function () {
+    $user_id = $_SESSION['user']['id'];
     // Only append .deleted suffix if the email doesn't already have it
     // This prevents double-deletion if the query is somehow executed twice
     // Pattern checks for .deleted.<digits> after the @ symbol (e.g., user@domain.com.deleted.123)
-    db_query('UPDATE cms_users SET deleted = NOW(), email = CONCAT(email,".deleted.",id) WHERE id = :id AND (NOT deleted OR deleted IS NULL) AND email NOT REGEXP "@.*\.deleted\.[0-9]+$"', ['id' => $_POST['cms_user_id']]);
-    updateAuth0UserFromDb($_POST['cms_user_id']);
+    db_query('UPDATE cms_users SET modified = NOW(), modified_by = :id, deleted = NOW(), email = CONCAT(email,".deleted.",id) WHERE id = :id AND (NOT deleted OR deleted IS NULL) AND email NOT REGEXP "@.*\.deleted\.[0-9]+$"', ['id' => $user_id]);
+    updateAuth0UserFromDb($user_id);
+    simpleSaveChangeHistory('cms_users', $user_id, 'Record deleted');
 });
 
-simpleSaveChangeHistory('cms_users', $_POST['cms_user_id'], 'Record deleted without undelete');
 // when a user deactive its account we need to ensure that user logged out immediately and then redirected to Auth0 login page
 global $settings;
 logout();