Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
diff -u -r660fde180a1b4dbfbe304df8eeef71459aa91f95 -ra8981415e05a0fdccf3b6d0bfd57be0356c352f0
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision 660fde180a1b4dbfbe304df8eeef71459aa91f95)
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision a8981415e05a0fdccf3b6d0bfd57be0356c352f0)
@@ -128,6 +128,11 @@
 				if (user == null)
 					return false;
 
+				if (user.getDisabledFlag()) {
+					log.debug("===> user is disabled.");
+					return false;
+				}
+				
 				AuthenticationMethod method = null;
 				try {
 					method = user.getAuthenticationMethod();
@@ -175,7 +180,7 @@
 				//if login is valid, register userDTO into session.
 				if(isValid){
 					HttpSession sharedsession = SessionManager.getSession(); 
-					sharedsession.setAttribute(AttributeNames.USER,user.getUserDTO());					
+					sharedsession.setAttribute(AttributeNames.USER,user.getUserDTO());
 				}
 			} catch (Exception e) {
 				e.printStackTrace();