Index: branches/5.2.x/core/units/helpers/user_helper.php
===================================================================
diff -u -N -r14628 -r14630
--- branches/5.2.x/core/units/helpers/user_helper.php	(.../user_helper.php)	(revision 14628)
+++ branches/5.2.x/core/units/helpers/user_helper.php	(.../user_helper.php)	(revision 14630)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: user_helper.php 14628 2011-10-04 09:36:30Z alex $
+* @version	$Id: user_helper.php 14630 2011-10-04 11:59:56Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -185,22 +185,28 @@
 		function checkLoginPermission()
 		{
 			$object =& $this->getUserObject();
+			$ip_restrictions = $object->GetDBField('IPRestrictions');
 
+			if ( $ip_restrictions && !$this->Application->isDebugMode() && !kUtil::ipMatch($ip_restrictions, "\n") ) {
+				return false;
+			}
+
 			$groups = $object->getMembershipGroups(true);
-			if (!$groups) {
-				$groups = Array();
+			if ( !$groups ) {
+				$groups = Array ();
 			}
 
 			if ( $object->GetDBField('UserType') == UserType::USER ) {
-				array_push($groups, $this->Application->ConfigValue('User_NewGroup') );
+				array_push($groups, $this->Application->ConfigValue('User_NewGroup'));
 			}
 			elseif ( $object->GetDBField('UserType') == UserType::ADMIN ) {
-				array_push($groups, $this->Application->ConfigValue('User_AdminGroup') );
+				array_push($groups, $this->Application->ConfigValue('User_AdminGroup'));
 			}
 
 			// store groups, because kApplication::CheckPermission will use them!
-			array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') );
-			$this->Application->StoreVar( 'UserGroups', implode(',', $groups), true ); // true for optional
+			array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup'));
+			$groups = array_unique($groups);
+			$this->Application->StoreVar('UserGroups', implode(',', $groups), true); // true for optional
 
 			return $this->Application->CheckPermission($this->Application->isAdmin ? 'ADMIN' : 'LOGIN', 1);
 		}
@@ -295,7 +301,7 @@
 			// synchronize login
 			$sync_manager =& $this->Application->recallObject('UsersSyncronizeManager', null, Array(), Array ('InPortalSyncronize'));
 			/* @var $sync_manager UsersSyncronizeManager */
-			
+
 			$sync_manager->performAction('LoginUser', $username, $password);
 		}
 
@@ -360,10 +366,10 @@
 		public function &getUserObject()
 		{
 			$prefix_special = $this->Application->isAdmin ? 'u.current' : 'u'; // "u" used on front not to change theme
-			
+
 			$object =& $this->Application->recallObject($prefix_special, null, Array('skip_autoload' => true));
 			/* @var $object UsersItem */
-			
+
 			return $object;
 		}