access: allow root disable and prevent to disable own user

PR: https://forum.opnsense.org/index.php?topic=3684

src/etc/inc/auth.inc

@@ -429,7 +429,6 @@ function local_user_set(&$user)
     /* root user special handling */
     if ($user_uid == 0) {
         $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
-        $lock_account = 'unlock';
         $user_group = 'wheel';
         $user_home = '/root';
     }

src/www/system_usermanager.php

@@ -236,6 +236,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $input_errors[] = gettext("The passwords do not match.");
         }
 
+        if (!empty($pconfig['disabled']) && $_SESSION['Username'] === $a_user[$id]['name']) {
+            $input_errors[] = gettext('You cannot disable yourself.');
+        }
+
         if (isset($id)) {
             $oldusername = $a_user[$id]['name'];
         } else {
@@ -262,7 +266,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
         }
 
-        /*
+       /*
        * Check for a valid expirationdate if one is set at all (valid means,
        * DateTime puts out a time stamp so any DateTime compatible time
        * format may be used. to keep it simple for the enduser, we only