--- userreference.module.orig	2008-02-11 18:51:48.000000000 -0500
+++ userreference.module	2008-02-11 18:56:23.000000000 -0500
@@ -61,7 +61,7 @@ function userreference_field($op, &$node
       foreach ($items as $delta => $item) {
         $error_field = isset($item['error_field']) ? $item['error_field'] : '';
         unset($item['error_field']);
-        if (!empty($item['uid']) && !in_array($item['uid'], array_keys(_userreference_potential_references($field)))) {
+        if (!empty($item['uid']) && !_userreference_valid_uid($item['uid'], $field)) {
           form_set_error($error_field, t('%name : Invalid user.', array('%name' => t($field['widget']['label']))));
         }
       }
@@ -282,4 +282,24 @@ function _userreference_filter_handler($
   $options = views_handler_filter_usercurrent();
   $options = $options + _userreference_potential_references($filterinfo['extra']['field']);
   return $options;
+}
+
+/**
+ * Returns true if the uid is a valid reference.
+ */
+function _userreference_valid_uid($uid, $field) {
+  $roles = array();
+  if (is_array($field['referenceable_roles'])) {
+    // keep only selected checkboxes
+    $roles = array_filter($field['referenceable_roles']);
+    // filter invalid values that seems to get through sometimes ??
+    $roles = array_intersect(array_keys(user_roles(1)), $roles);
+  }
+  if (empty($roles) || in_array(DRUPAL_AUTHENTICATED_RID, $roles)) {
+    $result = db_result(db_query('SELECT u.name FROM {users} u WHERE uid = %d', $uid));
+  }
+  else {
+    $result = db_result(db_query('SELECT u.name FROM {users} u LEFT JOIN {users_roles} r ON u.uid = r.uid WHERE u.uid = %d AND r.rid IN ('. implode($roles, ',') .')', $uid));
+  }
+  return !empty($result);
 }
\ No newline at end of file
