Commit 768d5e81 authored by Franco Fichtner's avatar Franco Fichtner

system: prevent user from deleting itself; closes #1031

Bravely assisted by: @ShaRose
parent 6e0b70a8
......@@ -165,13 +165,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "deluser" && isset($id)) {
// drop user
local_user_del($a_user[$id]);
$userdeleted = $a_user[$id]['name'];
unset($a_user[$id]);
write_config();
$savemsg = gettext("User")." {$userdeleted} ". gettext("successfully deleted");
header("Location: system_usermanager.php?savemsg=".$savemsg);
exit;
if ($_SESSION['Username'] === $a_user[$id]['name']) {
$input_errors[] = gettext('You cannot delete yourself.');
} else {
local_user_del($a_user[$id]);
$userdeleted = $a_user[$id]['name'];
unset($a_user[$id]);
write_config();
$savemsg = gettext("User")." {$userdeleted} ". gettext("successfully deleted");
header("Location: system_usermanager.php?savemsg=".$savemsg);
exit;
}
} elseif ($act == "delcert" && isset($id)) {
// remove certificate association
$certdeleted = lookup_cert($a_user[$id]['cert'][$pconfig['certid']]);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment