From 3bad98e53b2a951920b32957bbf8fcde64c6d261 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Wed, 29 May 2024 08:44:26 +0000
Subject: [PATCH] Force logout if deleting own user

---
 system/modules/admin/actions/userdel.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/system/modules/admin/actions/userdel.php b/system/modules/admin/actions/userdel.php
index 27123b442..4413c1293 100755
--- a/system/modules/admin/actions/userdel.php
+++ b/system/modules/admin/actions/userdel.php
@@ -1,12 +1,18 @@
 <?php
 function userdel_GET(Web $w) {
 	$w->pathMatch("id");
-	$user = AuthService::getInstance($w)->getObject("User",$w->ctx("id"));
+	$user = AuthService::getInstance($w)->getObject("User", $w->ctx("id"));
 	if ($user) {
 		$user->delete();
-		$w->msg("User ".$user->login." deleted.","/admin/users");
+
+		if ($w->session('user_id') == $w->ctx("id")) {
+			// We deleted our own user, force logout
+			$w->sessionDestroy();
+			$w->redirect($w->localUrl("/auth/login"));
+		} else {
+			$w->msg("User " . $user->login . " deleted.", "/admin/users");
+		}
 	} else {
-		$w->error("User ".$w->ctx("id")." does not exist.","/admin/users");
+		$w->error("User " . $w->ctx("id") . " does not exist.", "/admin/users");
 	}
-
-}
\ No newline at end of file
+}