Index: branches/5.2.x/core/units/helpers/user_helper.php
===================================================================
diff -u -N -r14630 -r14631
--- branches/5.2.x/core/units/helpers/user_helper.php	(.../user_helper.php)	(revision 14630)
+++ branches/5.2.x/core/units/helpers/user_helper.php	(.../user_helper.php)	(revision 14631)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: user_helper.php 14630 2011-10-04 11:59:56Z alex $
+* @version	$Id: user_helper.php 14631 2011-10-04 14:23:45Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -196,12 +196,10 @@
 				$groups = Array ();
 			}
 
-			if ( $object->GetDBField('UserType') == UserType::USER ) {
-				array_push($groups, $this->Application->ConfigValue('User_NewGroup'));
+			$default_group = $this->getUserTypeGroup();
+			if ( $default_group !== false ) {
+				array_push($groups, $default_group);
 			}
-			elseif ( $object->GetDBField('UserType') == UserType::ADMIN ) {
-				array_push($groups, $this->Application->ConfigValue('User_AdminGroup'));
-			}
 
 			// store groups, because kApplication::CheckPermission will use them!
 			array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup'));
@@ -212,6 +210,57 @@
 		}
 
 		/**
+		 * Returns default user group for it's type
+		 *
+		 * @return bool|string
+		 * @access protected
+		 */
+		protected function getUserTypeGroup()
+		{
+			$group_id = false;
+			$object =& $this->getUserObject();
+
+			if ( $object->GetDBField('UserType') == UserType::USER ) {
+				$group_id = $this->Application->ConfigValue('User_NewGroup');
+			}
+			elseif ( $object->GetDBField('UserType') == UserType::ADMIN ) {
+				$group_id = $this->Application->ConfigValue('User_AdminGroup');
+			}
+
+			$ip_restrictions = $this->getGroupsWithIPRestrictions();
+
+			if ( !isset($ip_restrictions[$group_id]) || kUtil::ipMatch($ip_restrictions[$group_id], "\n") ) {
+				return $group_id;
+			}
+
+			return false;
+		}
+
+		/**
+		 * Returns groups with IP restrictions
+		 *
+		 * @return Array
+		 * @access public
+		 */
+		public function getGroupsWithIPRestrictions()
+		{
+			static $cache = null;
+
+			if ( $this->Application->isDebugMode() ) {
+				return Array ();
+			}
+
+			if ( !isset($cache) ) {
+				$sql = 'SELECT IPRestrictions, GroupId
+						FROM ' . TABLE_PREFIX . 'PortalGroup
+						WHERE IPRestrictions IS NOT NULL';
+				$cache = $this->Conn->GetCol($sql, 'GroupId');
+			}
+
+			return $cache;
+		}
+
+		/**
 		 * Performs user logout
 		 *
 		 */