I think there is a typo in the Official Web2py book in chapter 8: http://web2py.com/book/default/chapter/08#Restrictions-on-registration
In the section labeled "Restrictions on registration": Via the appadmin interface, you can also block a user from logging in. Locate the user in the table auth_user and set the registration_key to "blocked". "blocked" users are not allowed to log in. But according to the source code, Auth.login() method in web2py/gluon/tools.py, I think it should be "disabled" instead of "blocked". Thanks, Yoshiyuki
