Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.739
diff -u -p -r1.739 user.module
--- modules/user/user.module	7 Jan 2007 08:20:31 -0000	1.739
+++ modules/user/user.module	10 Jan 2007 00:15:02 -0000
@@ -434,7 +434,13 @@ function user_search($op = 'search', $ke
         $find = array();
         // Replace wildcards with MySQL/PostgreSQL wildcards.
         $keys = preg_replace('!\*+!', '%', $keys);
-        $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+        if (user_access('administer users')) {
+          $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+        }
+        else {
+          // Exclude from the search blocked users and self-registered users who have never logged in.
+          $result = pager_query("SELECT * FROM {users} WHERE status != 0 AND access != 0 AND LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+        }
         while ($account = db_fetch_object($result)) {
           $find[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, NULL, NULL, TRUE));
         }
@@ -1173,6 +1179,12 @@ function user_register() {
      '#type' => 'checkbox',
      '#title' => t('Notify user of new account')
     );
+    // Access is set to -1 for administrator-created users in order to distinguish
+    // these from self-registered accounts where access == 0 until the user logs in.
+    $form['access'] = array(
+     '#type' => 'value',
+     '#value' => -1,
+    );  
     // Redirect back to page which initiated the create request; usually admin/user/user/create
     $form['destination'] = array('#type' => 'hidden', '#value' => $_GET['q']);
   }
@@ -1494,7 +1506,7 @@ function user_view($uid = 0) {
 
   $account = user_load(array('uid' => $uid));
   if ($account === FALSE || ($account->access == 0 && !user_access('administer users'))) {
-    return drupal_not_found();
+    return drupal_access_denied();
   }
   // Retrieve and merge all profile fields:
   $fields = array();
@@ -2038,7 +2050,7 @@ function user_admin_account() {
     asort($users_roles);
     $form['roles'][$account->uid][0] = array('#value' => theme('item_list', $users_roles));
     $form['member_for'][$account->uid] = array('#value' => format_interval(time() - $account->created));
-    $form['last_access'][$account->uid] =  array('#value' => $account->access ? t('@time ago', array('@time' => format_interval(time() - $account->access))) : t('never'));
+    $form['last_access'][$account->uid] = array('#value' => $account->access > 0 ? t('@time ago', array('@time' => format_interval(time() - $account->access))) : t('never'));
     $form['operations'][$account->uid] = array('#value' => l(t('edit'), "user/$account->uid/edit", array(), $destination));
   }
   $form['accounts'] = array(