Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745
diff -u -p -r1.745 user.module
--- modules/user/user.module	11 Jan 2007 08:52:45 -0000	1.745
+++ modules/user/user.module	13 Jan 2007 03:15:28 -0000
@@ -434,7 +434,13 @@ function user_search($op = 'search', $ke
         $find = array();
         // Replace wildcards with MySQL/PostgreSQL wildcards.
         $keys = preg_replace('!\*+!', '%', $keys);
-        $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+        if (user_access('administer users')) {
+          $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+        }
+        else {
+          // Exclude from the search blocked users and self-registered users who have never logged in.
+          $result = pager_query("SELECT * FROM {users} WHERE status != 0 AND access != 0 AND LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+        }
         while ($account = db_fetch_object($result)) {
           $find[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, NULL, NULL, TRUE));
         }
@@ -1170,9 +1176,15 @@ function user_register() {
   $form = array_merge($form, user_edit_form(NULL, NULL, TRUE));
   if ($admin) {
     $form['account']['notify'] = array(
-     '#type' => 'checkbox',
-     '#title' => t('Notify user of new account')
+      '#type' => 'checkbox',
+      '#title' => t('Notify user of new account')
     );
+    // Access is set to -1 for administrator-created users in order to distinguish
+    // these from self-registered accounts where access == 0 until the user logs in.
+    $form['access'] = array(
+      '#type' => 'value',
+      '#value' => -1,
+    );  
     // Redirect back to page which initiated the create request; usually admin/user/user/create
     $form['destination'] = array('#type' => 'hidden', '#value' => $_GET['q']);
   }
@@ -2041,7 +2053,7 @@ function user_admin_account() {
     asort($users_roles);
     $form['roles'][$account->uid][0] = array('#value' => theme('item_list', $users_roles));
     $form['member_for'][$account->uid] = array('#value' => format_interval(time() - $account->created));
-    $form['last_access'][$account->uid] =  array('#value' => $account->access ? t('@time ago', array('@time' => format_interval(time() - $account->access))) : t('never'));
+    $form['last_access'][$account->uid] = array('#value' => $account->access > 0 ? t('@time ago', array('@time' => format_interval(time() - $account->access))) : t('never'));
     $form['operations'][$account->uid] = array('#value' => l(t('edit'), "user/$account->uid/edit", array(), $destination));
   }
   $form['accounts'] = array(