X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fusers.php;h=d51426d71614421484974f88fc6631feb63b6343;hb=5ac9ea61baac0cf298b07317051da51e781645b7;hp=9fde1d93b3f8d457a616aa2fd877a9e76d75ada7;hpb=d9b4de9d7e9d3ba77f6ece752fd6cc988effd8f1;p=fa-stable.git
diff --git a/admin/users.php b/admin/users.php
index 9fde1d93..d51426d7 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -55,7 +55,7 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 if (can_process())
@@ -91,18 +91,27 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
- delete_user($selected_id);
- display_notification_centered(_("User has been deleted."));
- $Mode = 'RESET';
+ $cancel_delete = 0;
+ if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
+ {
+ $cancel_delete = 1;
+ display_error(_("Cannot delete this user because entries are associated with this user."));
+ }
+ if ($cancel_delete == 0)
+ {
+ delete_user($selected_id);
+ display_notification_centered(_("User has been deleted."));
+ } //end if Delete group
+ $Mode = 'RESET';
 }
 //-------------------------------------------------------------------------------------------------
 if ($Mode == 'RESET')
 {
 $selected_id = -1;
- $sav = get_post('show_inactive');
+ $sav = get_post('show_inactive', null);
 unset($_POST); // clean all input fields
 $_POST['show_inactive'] = $sav;
 }
@@ -219,4 +228,3 @@ submit_add_or_update_center($selected_id == -1, '', 'both');
 end_form();
 end_page();
-?>
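Review bot: Folding `check_csrf_token()` into the same `&&` as the mode test means a rejected request simply skips the branch. In the `Delete` branch of the next hunk it also skips `$Mode = 'RESET'`, so `$Mode` and `$selected_id` keep their request-supplied values for the rest of the page. Whether the operator sees an error, or the rejection is logged, depends on `check_csrf_token()`, which is not visible here. Consider making the failure path explicit ahead of the branch, for example `if ($Mode == 'Delete' && !check_csrf_token()) $Mode = 'RESET';`, and decide the equivalent for `ADD_ITEM`/`UPDATE_ITEM`. The body of that first branch continues outside this hunk, so its reset behaviour cannot be confirmed from here.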
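Review bot: The new guard in the `Delete` branch only checks `audit_trail` through `key_in_foreign_table()`, so any user without audit entries goes straight to `delete_user($selected_id)`. Nothing visible here stops a request from deleting the account that issued it, or the last remaining administrator. If that is prevented only by hiding the delete control in the listing (not shown in this hunk), add a server-side check before `delete_user()` and report the refusal with `display_error()`, as the audit-trail case does. Separately, the `$cancel_delete` flag can be replaced by a plain `if`/`else` around the two outcomes, which removes the `== 0` comparison and the extra variable.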