bugfix

auth.py

@@ -41,7 +41,7 @@ def auth_required(func):
 				"FROM user_info LEFT JOIN user_session "
 				"ON (user_info.id = user_session.user_id) "
 				"WHERE user_info.id = $1 AND user_session.id = $2 "
-				"AND user_session.expires > NOW()",
+				"AND user_info.active = TRUE AND user_session.expires > NOW()",
 				user_id, sid)
 		if session:
 			request['session'] = dict(session)

tools.py

@@ -54,6 +54,7 @@ async def send_confirmation(request, user_id, to_addr):
 	confirm_url = request.app.router['register'].url_for().with_query(d)
 	confirm_url = 'https://' + config.server_domain + str(confirm_url)
 	body = "Buckle up.\n" + confirm_url
+	send_mail(to_addr, "Confirm Email", body)
 
 
 async def validate_register(request, form):