From 768d5e8113aac2f089b03d1b5ce1ff82ae54200d Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sat, 23 Jul 2016 18:11:27 +0200
Subject: [PATCH] system: prevent user from deleting itself; closes #1031
Bravely assisted by: @ShaRose
---
 src/www/system_usermanager.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/www/system_usermanager.php b/src/www/system_usermanager.php
index e38dfacc7..f8474fd09 100644
--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@@ -165,13 +165,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 if ($act == "deluser" && isset($id)) {
 // drop user
- local_user_del($a_user[$id]);
- $userdeleted = $a_user[$id]['name'];
- unset($a_user[$id]);
- write_config();
- $savemsg = gettext("User")." {$userdeleted} ". gettext("successfully deleted");
- header("Location: system_usermanager.php?savemsg=".$savemsg);
- exit;
+ if ($_SESSION['Username'] === $a_user[$id]['name']) {
+ $input_errors[] = gettext('You cannot delete yourself.');
+ } else {
+ local_user_del($a_user[$id]);
+ $userdeleted = $a_user[$id]['name'];
+ unset($a_user[$id]);
+ write_config();
+ $savemsg = gettext("User")." {$userdeleted} ". gettext("successfully deleted");
+ header("Location: system_usermanager.php?savemsg=".$savemsg);
+ exit;
+ }
 } elseif ($act == "delcert" && isset($id)) {
 // remove certificate association
 $certdeleted = lookup_cert($a_user[$id]['cert'][$pconfig['certid']]);
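Review bot: The new self-delete guard at the top of the `deluser` branch compares `$_SESSION['Username']` to `$a_user[$id]['name']` with an exact, case-sensitive `===`, so it protects the current account only if the session always holds the name exactly as the config stores it. That is not visible in this hunk and should be confirmed, or the check should key on a stable identifier rather than the name; a comment such as `// refuse to remove the currently logged-in account (prevents admin lock-out)` would also record the intent. Separately, the re-indented redirect still concatenates `$savemsg`, which embeds the deleted user's name, into the `Location` header unencoded; `header("Location: system_usermanager.php?savemsg=" . urlencode($savemsg));` keeps the query string well-formed. Because `savemsg` arrives as a request parameter, the code that prints it (outside this hunk) has to HTML-escape it. The enclosing `if`/`elseif` chain starts and ends outside the hunk.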