Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.883
diff -u -p -r1.883 user.module
--- modules/user/user.module	28 Dec 2007 12:02:52 -0000	1.883
+++ modules/user/user.module	31 Dec 2007 15:51:30 -0000
@@ -200,6 +200,9 @@ function user_load($array = array()) {
  *
  * @param $category
  *   (optional) The category for storing profile information in.
+ *
+ * @return
+ *   A fully-loaded $user object upon successful save or FALSE if the save failed.
  */
 function user_save($account, $array = array(), $category = 'account') {
   // Dynamically compose a SQL query:
@@ -238,7 +241,11 @@ function user_save($account, $array = ar
     $query .= "data = '%s' ";
     $v[] = serialize($data);
 
-    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
+    $success = db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
+    if (!$success) {
+      // The query failed - better to abort the save than risk further data loss.
+      return FALSE;
+    }
 
     // Reload user roles if provided
     if (isset($array['roles']) && is_array($array['roles'])) {
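Review bot: The early `return FALSE;` after the failed UPDATE leaves no trace of its own, so a password change or account block that did not persist looks the same in the logs as one that did. I would log before returning, for example `watchdog('user', 'Failed to update account %uid.', array('%uid' => $account->uid), WATCHDOG_ERROR);`, so operators can see that the stored account state differs from what was requested. Existing callers written when user_save() never returned FALSE should also be audited, since any that use the result as an object or ignore it will now carry on as if the change had been applied. The rest of the update branch lies outside this hunk.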
@@ -311,9 +318,15 @@ function user_save($account, $array = ar
           break;
       }
     }
-    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
+    $success = db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
     $array['uid'] = db_last_insert_id('users', 'uid');
 
+    if (!$success) {
+      // On a failed INSERT some other existing user's uid may be returned.  We
+      // must abort to avoid overwirting their account.
+      return FALSE;
+    }
+    
     // Build the initial user object.
     $user = user_load(array('uid' => $array['uid']));
 
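Review bot: The `!$success` check comes after `$array['uid'] = db_last_insert_id('users', 'uid');`, so on a failed INSERT the code still fetches and stores an id that, as the added comment itself says, may belong to another account. Moving the `if (!$success) { return FALSE; }` block directly under the `db_query()` line means a foreign uid is never read, and a later edit inserted between the two statements cannot use it by accident. The comment also has a typo (`overwirting` should be `overwriting`), and the added blank line after the block carries trailing whitespace. As with the update path, logging the failure before returning would help, because a failed account creation is otherwise silent.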
