There actually appear to be two situations:
1. In installations that are using moderated registration, if a user profile is updated on the admin side, the user is deactivated.
At present, I think the solution for this is to change line 160-168 in wp-members-admin.php from:
if (WPMEM_MOD_REG == 1) {
$wpmem_activate_user = $_POST['activate_user'];
if( $wpmem_activate_user == 1 ) {
wpmem_a_activate_user( $user_id, $chk_pass );
} elseif( $wpmem_activate_user == 0 ) {
wpmem_a_deactivate_user( $user_id );
}
}
To this:
if (WPMEM_MOD_REG == 1) {
$wpmem_activate_user = $_POST['activate_user'];
if( $wpmem_activate_user == '' ) { $wpmem_activate_user = -1; }
if( $wpmem_activate_user == 1 ) {
wpmem_a_activate_user( $user_id, $chk_pass );
} elseif( $wpmem_activate_user == 0 ) {
wpmem_a_deactivate_user( $user_id );
}
}
That may or may not be the permanent solution at this point, but it seems to be clearing up that problem.
2. The other problem is more of a bug in the messaging, also in installs that use moderated registration. It this situation, the invalid login message on the backend (wp-login.php) is given to a user even if they have not logged in. However, this hasn’t prevented the user from logging in. That issue I am working on a fix for.
Both of these stem from code additions to allow for the user chosen password feature added in 2.7.0 to be used with moderated registration.
If your situation is different than this, let me know some additional details (if you have any).
Actually, after working on this a little more, I think the more appropriate fix is actually going to be to simply change the comparison operator from “equal to” ( == ) to “identical to” ( === ) as follows:
} elseif( $wpmem_activate_user === 0 ) {
Well, since this post, a patch was released, and the version 2.7.2 was released which corrects this issue entirely.