From 8d3a815ca81ee2dd1a8aafbfa2fe9b6d80557739 Mon Sep 17 00:00:00 2001
From: Salanto <62221668+Salanto@users.noreply.github.com>
Date: Sun, 13 Mar 2022 06:29:04 +0100
Subject: [PATCH] Fix user deletion (#240)

* Minr change to DB code, not fixed or tested yet

* Fix user deletion for good.

* Typo

* Add scoping

Code shamelessly stolen from Cerapter. Thanks for telling me how to scope.

Co-Authored-By: Cerapter <43446478+Cerapter@users.noreply.github.com>

Co-authored-by: Cerapter <43446478+Cerapter@users.noreply.github.com>
---
 core/src/db_manager.cpp | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/core/src/db_manager.cpp b/core/src/db_manager.cpp
index 193460c..e80e0b8 100644
--- a/core/src/db_manager.cpp
+++ b/core/src/db_manager.cpp
@@ -198,19 +198,29 @@ bool DBManager::createUser(QString username, QString salt, QString password, uns
 
 bool DBManager::deleteUser(QString username)
 {
-    QSqlQuery username_exists;
-    username_exists.prepare("SELECT ACL FROM users WHERE USERNAME = ?");
-    username_exists.addBindValue(username);
-    username_exists.exec();
-
-    if (!username_exists.first())
+    if (username == "root") {
+        //To prevent lockout scenarios where an admin may accidentally delete root.
         return false;
+    }
 
-    QSqlQuery query;
-    query.prepare("DELETE FROM users WHERE USERNAME = ?");
-    username_exists.addBindValue(username);
-    username_exists.exec();
-    return true;
+    {
+        QSqlQuery username_exists;
+        username_exists.prepare("SELECT EXISTS(SELECT USERNAME FROM users WHERE USERNAME = ?)");
+        username_exists.addBindValue(username);
+        username_exists.exec();
+        username_exists.first();
+        //If EXISTS can't find a record, it returns 0.
+        if (username_exists.value(0).toInt() == 0)
+            //We were unable to locate an entry with this name.
+            return false;
+    }
+    {
+        QSqlQuery username_delete;
+        username_delete.prepare("DELETE FROM users WHERE USERNAME = ?");
+        username_delete.addBindValue(username);
+        username_delete.exec();
+        return true;
+    }
 }
 
 unsigned long long DBManager::getACL(QString moderator_name)