Primary admin should never be allowed to be deleted by sub-admins

diff --git a/admin/user.php b/admin/user.php
index dcb943100ee2113d4f2150deb8d5b05dff017a96..c563aa95285f609de0d16e5a53ebf83a103dbab7 100644 (file)
--- a/admin/user.php
+++ b/admin/user.php
@@ -107,6 +107,12 @@
             if (!$user = get_record("user", "id", "$delete")) {
                 error("No such user!");
             }
+
+            $primaryadmin = get_admin();
+            if ($user->id == $primaryadmin->id) {
+                error("You are not allowed to delete the primary admin user!");
+            }
+
             if ($confirm != md5($delete)) {
                 notice_yesno(get_string("deletecheckfull", "", "'$user->firstname $user->lastname'"),
                      "user.php?delete=$delete&confirm=".md5($delete), "user.php");