diff --git a/account/tbacct.in b/account/tbacct.in index 2fadea8f61e2832b8afc4d25496cf47dc902810f..4c92d41bef571ef6fbcd050d55914d1a03cb4ec8 100644 --- a/account/tbacct.in +++ b/account/tbacct.in @@ -1133,9 +1133,13 @@ sub DeactivateUser() sub ReactivateUser() { # - # Only admin people can do this. + # Only admin people can do this to another user, but we do allow a + # user to reactivate themselves, as from the web interface when they + # log in and the account has been deactivated for lack of use. # - if (! TBAdmin($UID)) { + if (! (TBAdmin($UID) || + ($target_user->SameUser($this_user) && + $status eq USERSTATUS_ACTIVE))) { fatal("You do not have permission to reactivate user $user."); } # @@ -1160,13 +1164,6 @@ sub ReactivateUser() UpdateUser(0) == 0 or fatal("Cannot reactivate $user"); - # - # Invoke as real user for auditing. - # - $EUID = $UID; - system("$SETGROUPS $user"); - $EUID = 0; - return 0; } diff --git a/www/tbauth.php3 b/www/tbauth.php3 index 0a20056ddea168824909ef827151dd94739858f4..8a9a80c2360066cb31c049b9ef43511b726e112f 100644 --- a/www/tbauth.php3 +++ b/www/tbauth.php3 @@ -891,11 +891,6 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) { $user->UpdateWebLoginFail(); return DOLOGIN_STATUS_WEBFREEZE; } - # inactive users need special handling for now. - if ($user->status() == TBDB_USERSTATUS_INACTIVE) { - return DOLOGIN_STATUS_INACTIVE; - } - if (!$nopassword) { $encoding = crypt("$password", $db_encoding); if (strcmp($encoding, $db_encoding)) { 
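Review bot: The self-service branch added to ReactivateUser() in tbacct.in only passes when `$status eq USERSTATUS_ACTIVE`, which appears to contradict the new comment about an account that "has been deactivated". The comment should say that the web login path is expected to have set the status to active before invoking this script, so the backend is trusting whatever wrote that database field. A line such as `# Self-reactivation relies on the web interface having already set the status to active after a successful login; a non-admin whose account is still marked inactive is refused here.` would make that trust boundary explicit. Where `$status`, `$target_user` and `$this_user` are assigned is outside the hunk, so this assumes `$status` is the target user's current database status.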
@@ -923,6 +918,16 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) { # # Pass! # + + # But inactive users need special handling. + if ($user->status() == TBDB_USERSTATUS_INACTIVE) { + # Try to reactivate the user. If we fail for some reason, fall + # back to just telling them they are inactive. Otherwise we can + # proceed with login. + if (ReactivateUser($user)) { + return DOLOGIN_STATUS_INACTIVE; + } + } # # Set adminmode off on new logins, unless user requested to be @@ -1374,6 +1379,22 @@ function BumpLogoutTime() return 0; } +# +# Reactivate user. +# +function ReactivateUser($user) +{ + $user->SetStatus(TBDB_USERSTATUS_ACTIVE); + $uid = $user->uid(); + + if (SUEXEC($uid, "nobody", + "webtbacct reactivate $uid", SUEXEC_ACTION_CONTINUE)) { + $user->SetStatus(TBDB_USERSTATUS_INACTIVE); + return -1; + } + return 0; +} + # # Beware empty spaces (cookies)! #
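Review bot: The block added after "Pass!" in DOLOGIN() reactivates a dormant account on any successful login without leaving a record. It also runs when `$nopassword` is set, where the password comparison shown in the previous hunk is skipped. Deactivation for lack of use is typically a control against stale credentials, so an automatic reversal should at least be auditable, for example `error_log("DOLOGIN: auto-reactivated inactive account " . $user->uid());` once ReactivateUser() returns 0. If `$nopassword` logins are not meant to revive accounts, guard the block with `!$nopassword &&`. DOLOGIN() starts and ends outside the hunk, so any checks that follow this point are not visible here.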
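Review bot: ReactivateUser() writes TBDB_USERSTATUS_ACTIVE to the user record before the privileged `webtbacct reactivate` step has succeeded, and it ignores the return value of both `SetStatus()` calls. An interrupted request or a failed rollback would therefore leave the account active without the backend having run. The header comment should state that ordering, presumably required because the tbacct.in check only admits a self-request when the status is already active. It should also give the return convention, e.g. `# Returns 0 on success, -1 if the backend fails (status is put back to inactive).` Separately, `$uid` is interpolated into the command string; how SUEXEC() runs it is not visible here, so if it goes through a shell, passing `escapeshellarg($uid)` would be the safer form.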