Do not allow a user to access the app if their account was removed.

application/core/EA_Controller.php

@@ -75,6 +75,10 @@ class EA_Controller extends CI_Controller {
     {
         parent::__construct();
 
+        $this->load->library('accounts');
+
+        $this->ensure_user_exists();
+
         $this->configure_language();
 
         $this->load_common_html_vars();
@@ -125,4 +129,21 @@ class EA_Controller extends CI_Controller {
             'csrf_token' => $this->security->get_csrf_hash(),
         ]);
     }
+
+    private function ensure_user_exists()
+    {
+        $user_id = session('user_id');
+
+        if ( ! $user_id)
+        {
+            return;
+        }
+
+        if ( ! $this->accounts->does_account_exist($user_id))
+        {
+            session_destroy();
+
+            abort(403, 'Forbidden');
+        }
+    }
 }

application/libraries/Accounts.php

@@ -146,4 +146,16 @@ class Accounts {
 
         return $new_password;
     }
+
+    /**
+     * Check if a user account exists or not.
+     *
+     * @param int $user_id
+     *
+     * @return bool
+     */
+    public function does_account_exist(int $user_id): bool
+    {
+        return $this->CI->users_model->query()->where(['id' => $user_id, 'delete_datetime' => NULL])->get()->num_rows() > 0;
+    }
 }