Should it be "...should not be allowed to login..."? http://web2py.com/book/default/chapter/08?search=auth.settings.login_next#Settings-and-Messages
If new registrants should be allow to login until approved set this to True: 1. auth.settings.registration_requires_approval = False
