From 81d591cd9df2f540d56cb8ceef68f8ea7a0383fb Mon Sep 17 00:00:00 2001
From: Nate Jones <git@reliberate.com>
Date: Tue, 17 Jun 2014 21:24:44 +0000
Subject: [PATCH] Enhanced delete own domain/user prevention.

---
 core/domain_settings/domains.php | 9 +++++++--
 core/users/users.php             | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/core/domain_settings/domains.php b/core/domain_settings/domains.php
index 542cfb8d1e..c94365a99f 100644
--- a/core/domain_settings/domains.php
+++ b/core/domain_settings/domains.php
@@ -184,8 +184,13 @@ else {
 			if (permission_exists('domain_edit')) {
 				echo "<a href='domain_edit.php?id=".$row['domain_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
 			}
-			if (permission_exists('domain_delete')) {
-				echo "<a href='domain_delete.php?id=".$row['domain_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
+			if (permission_exists('domain_delete') && $result_count > 1) {
+				if ($_SESSION["groups"][0]["domain_uuid"] != $row['domain_uuid']) {
+					echo "<a href='domain_delete.php?id=".$row['domain_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
+				}
+				else {
+					echo "<span onclick=\"alert('You cannot delete your own domain.\\n\\nPlease login with a user account under a different domain, then try again.');\">".$v_link_label_delete."</span>";
+				}
 			}
 			echo "	</td>\n";
 			echo "</tr>\n";
diff --git a/core/users/users.php b/core/users/users.php
index d3330e0483..bca4703d65 100644
--- a/core/users/users.php
+++ b/core/users/users.php
@@ -163,12 +163,12 @@ echo "	<td align=\"center\">\n";
 				if (permission_exists('user_edit')) {
 					echo "<a href='usersupdate.php?id=".$row['user_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
 				}
-				if (permission_exists('user_delete')) {
+				if (permission_exists('user_delete') && $result_count > 1) {
 					if ($_SESSION["user"]["user_uuid"] != $row['user_uuid']) {
 						echo "<a href='userdelete.php?id=".$row['user_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
 					}
 					else {
-						echo $v_link_label_delete; // no you can't delete your own account, duh
+						echo "<span onclick=\"alert('You cannot delete your own user account.\\n\\nPlease login as a different user, then try again.');\">".$v_link_label_delete."</span>";
 					}
 				}
 				echo "	</td>\n";