From 4f08ba65773367e8b587f41663c8f4c78dba2264 Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Fri, 23 Nov 2012 02:57:34 +0000
Subject: [PATCH] Fix the code so that deleting and superadmin is not possible unless the user account used to do it is in the superadmin group.

---
 core/users/userdelete.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/users/userdelete.php b/core/users/userdelete.php
index 7d67860c03..884dbb38fc 100644
--- a/core/users/userdelete.php
+++ b/core/users/userdelete.php
@@ -53,12 +53,14 @@ else {
 //required to be a superadmin to delete a member of the superadmin group
 $superadmin_list = superadmin_list($db);
- if (if_superadmin($superadmin_list, $_SESSION['user_uuid'])) {
+ if (if_superadmin($superadmin_list, $user_uuid)) {
 if (!if_group("superadmin")) {
- echo "access denied";
+ //access denied - do not delete the user
+ header("Location: index.php");
 return;
 }
 }
+ //delete the user
 $sql_delete = "delete from v_users ";
 $sql_delete .= "where domain_uuid = '$domain_uuid' ";
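Review bot: The superadmin guard now keys on `$user_uuid`, but nothing in the hunk shows that value being validated before it drives both the authorization decision and the delete that follows, and the `$sql_delete` string just below is built by interpolating variables into SQL. If `$user_uuid` comes from the request (its assignment is outside the hunk), reject anything that is not a well-formed UUID before the check, e.g. `if (!preg_match('/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i', $user_uuid)) { header("Location: index.php"); return; }`, and move the delete to a prepared statement with bound parameters so the value the guard evaluated is exactly the value the database matches. The denied branch also now redirects silently; a log line recording the acting user and the target would make a refused superadmin deletion visible in review, and `exit;` after `header()` would stop the script even if this file is ever included rather than requested directly. The enclosing block starts and ends outside the hunk.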