diff --git a/app/controllers/words_controller.rb b/app/controllers/words_controller.rb
index 6cc622c49..c9c4dcce3 100644
--- a/app/controllers/words_controller.rb
+++ b/app/controllers/words_controller.rb
@@ -3,6 +3,8 @@
 class WordsController < ApplicationController
   include ApplicationHelper
   before_filter :find_user, :only => [:new, :create, :destroy, :more, :back]
+  before_filter :require_login, :only => [:create_reply]
+
   def create
     if params[:new_form][:user_message].size>0 && User.current.logged?
       unless params[:user_id].nil?
diff --git a/app/models/user.rb b/app/models/user.rb
index e043a5ff9..9c437a186 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -477,7 +477,7 @@ class User < Principal
     end
     if user
       # user is already in local database
-      #return nil unless user.active?
+      return nil if user.locked?
       return nil unless user.check_password?(password)
     else
       # user is not yet registered, try to authenticate with available sources