From 80706e417310f6c5d0a56a76bc641588fe275acc Mon Sep 17 00:00:00 2001
From: Kenneth Ezekiel <88850771+KenEzekiel@users.noreply.github.com>
Date: Wed, 15 Nov 2023 17:29:02 +0700
Subject: [PATCH] fix: cannot delete own admin account

---
 src/controllers/UserDashboardController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/controllers/UserDashboardController.php b/src/controllers/UserDashboardController.php
index 8a2e21d..1f1ba00 100644
--- a/src/controllers/UserDashboardController.php
+++ b/src/controllers/UserDashboardController.php
@@ -117,7 +117,7 @@ class UserDashboardController extends BaseController
           $confirm_delete = $_POST['delete_confirm'];
 
           // If user has confirmed deletion
-          if ($confirm_delete == 'yes') {
+          if ($confirm_delete == 'yes' && $user->user_id != $_SESSION['user_id']) {
             // Call service
             $response = $this->service->deleteById($user->user_id);
             if ($response == 1) {
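Review bot: The self-deletion guard added to the `if ($confirm_delete == 'yes' && ...)` line compares `$user->user_id` with `$_SESSION['user_id']` using loose `!=` and does not fail closed when the session key is absent. With `!=` the outcome depends on PHP type juggling, and a missing session value is compared as null, so the check is only as reliable as the types the two ids happen to have. I would write it as `isset($_SESSION['user_id']) && (string) $user->user_id !== (string) $_SESSION['user_id']`, and use the same strict form for the matching `==` check added in the second hunk. The rule is also enforced only in this controller; if `deleteById` has other callers (not visible here), it probably belongs in the service too. The enclosing method and the `if ($response == 1)` block continue outside the hunk.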
@@ -139,6 +139,9 @@ class UserDashboardController extends BaseController
             unset($urlParams['user_id']);
             unset($urlParams['delete_confirm']);
             unset($urlParams['errorMsg']);
+            if ($user->user_id == $_SESSION['user_id']) {
+              $urlParams['msg'] = "Cannot delete own account";
+            }
             // Redirect to own link, but with no params
             parent::redirect("/user-dashboard", $urlParams);
           }
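Review bot: The added `if ($user->user_id == $_SESSION['user_id'])` sets "Cannot delete own account" without looking at `$confirm_delete`. Assuming this is the branch taken when the delete did not run, an admin who merely cancels the confirmation on their own account would still be told a deletion was refused. Tie the message to an actual attempt, e.g. `if ($confirm_delete == 'yes' && $user->user_id == $_SESSION['user_id']) {`. Since the self-check now appears in both hunks, computing it once into a local such as `$isOwnAccount` before the first condition would keep the guard and the message from drifting apart. The enclosing branch starts outside the hunk.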
-- 
GitLab