Index: branches/5.2.x/core/units/users/users_event_handler.php
===================================================================
diff -u -N -r16012 -r16016
--- branches/5.2.x/core/units/users/users_event_handler.php	(.../users_event_handler.php)	(revision 16012)
+++ branches/5.2.x/core/units/users/users_event_handler.php	(.../users_event_handler.php)	(revision 16016)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: users_event_handler.php 16012 2014-03-17 21:34:37Z alex $
+* @version	$Id: users_event_handler.php 16016 2014-03-19 20:18:21Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -53,26 +53,6 @@
 		}
 
 		/**
-		 * Returns fields, that are not allowed to be changed from request
-		 *
-		 * @param Array $hash
-		 * @return Array
-		 * @access protected
-		 */
-		protected function getRequestProtectedFields($hash)
-		{
-			$fields = parent::getRequestProtectedFields($hash);
-
-			$fields = array_merge($fields, Array ('PrevEmails', 'ResourceId', 'IPAddress', 'IsBanned', 'PwResetConfirm', 'PwRequestTime', 'OldStyleLogin'));
-
-			if ( !$this->Application->isAdmin ) {
-				$fields = array_merge($fields, Array ('UserType', 'Status', 'EmailVerified', 'IsBanned'));
-			}
-
-			return $fields;
-		}
-
-		/**
 		 * Builds item (loads if needed)
 		 *
 		 * Pattern: Prototype Manager
@@ -282,8 +262,7 @@
 			$object = $event->getObject( Array ('form_name' => 'login') );
 			/* @var $object kDBItem */
 
-			$field_values = $this->getSubmittedFields($event);
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+			$object->SetFieldsFromHash($this->getSubmittedFields($event));
 			$username = $object->GetDBField('UserLogin');
 			$password = $object->GetDBField('UserPassword');
 			$remember_login = $object->GetDBField('UserRememberLogin') == 1;
@@ -432,7 +411,7 @@
 				$this->Application->SetVar($event->getPrefixSpecial(true), Array ($object->GetID() => $field_values));
 			}
 
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+			$object->SetFieldsFromHash($field_values);
 			$event->setEventParam('form_data', $field_values);
 
 			$status = $object->isLoaded() ? $object->Update() : $object->Create();
@@ -643,8 +622,7 @@
 			$object = $event->getObject( Array ('form_name' => 'recommend') );
 			/* @var $object kDBItem */
 
-			$field_values = $this->getSubmittedFields($event);
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+			$object->SetFieldsFromHash($this->getSubmittedFields($event));
 
 			if ( !$object->ValidateField('RecommendEmail') ) {
 				$event->status = kEvent::erFAIL;
@@ -690,8 +668,10 @@
 					$object->Load($id);
 				}
 
-				$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 				$object->setID($id);
+				$object->SetFieldsFromHash($field_values);
+				$event->setEventParam('form_data', $field_values);
+
 				$object->Validate();
 			}
 
@@ -713,8 +693,7 @@
 			$object = $event->getObject( Array ('form_name' => 'subscription') );
 			/* @var $object UsersItem */
 
-			$field_values = $this->getSubmittedFields($event);
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+			$object->SetFieldsFromHash($this->getSubmittedFields($event));
 
 			if ( !$object->ValidateField('SubscriberEmail') ) {
 				$event->status = kEvent::erFAIL;
@@ -848,8 +827,7 @@
 			$object = $event->getObject( Array ('form_name' => 'forgot_password') );
 			/* @var $object kDBItem */
 
-			$field_values = $this->getSubmittedFields($event);
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+			$object->SetFieldsFromHash($this->getSubmittedFields($event));
 
 			$user = $this->Application->recallObject('u.tmp', null, Array ('skip_autoload' => true));
 			/* @var $user UsersItem */
@@ -1083,9 +1061,11 @@
 			$object = $event->getObject( Array ('skip_autoload' => true) );
 			/* @var $object kDBItem */
 
-			$object->setID($id);
 			$object->IgnoreValidation = true;
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+
+			$object->setID($id);
+			$object->SetFieldsFromHash($field_values);
+			$event->setEventParam('form_data', $field_values);
 		}
 
 		/**
@@ -1198,8 +1178,10 @@
 
 				$this->RemoveRequiredFields($object);
 				$object->SetDBField('RootPassword', $this->Application->ConfigValue('RootPass'));
-				$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+
 				$object->setID(-1);
+				$object->SetFieldsFromHash($field_values);
+				$event->setEventParam('form_data', $field_values);
 
 				if ( $object->Validate() ) {
 					// validation on, password match too
@@ -1215,9 +1197,12 @@
 				}
 			}
 			else {
+				/** @var kDBItem $object */
 				$object = $event->getObject();
-				$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 
+				$object->SetFieldsFromHash($field_values);
+				$event->setEventParam('form_data', $field_values);
+
 				if ( !$object->Update() ) {
 					$event->status = kEvent::erFAIL;
 					$event->redirect = false;