diff --git a/database.php b/database.php
index 674a599..91d4f63 100644
--- a/database.php
+++ b/database.php
@@ -232,10 +232,8 @@ class mxDatabase
 if ($res->fetchColumn() > 0) {
 $sql = "SELECT first_name, last_name, email, password_hash FROM logins "
- . " WHERE localpart = '" . $localpart . "' LIMIT 1;";
+ . " WHERE localpart = '" . $localpart . "' AND active = 1 LIMIT 1;";
 foreach ($this->db->query($sql) as $row) {
- error_log($password . "-" . $row["password_hash"]);
- // will only be executed once
 if (password_verify($password, $row["password_hash"])) {
 return $row;
 }
@@ -281,12 +279,12 @@ class mxDatabase
 $term = filter_var($search_term, FILTER_SANITIZE_STRING);
 $result = array();
 $sql = "SELECT COUNT(*) FROM logins WHERE"
- . " localpart LIKE '" . $term . "%';";
+ . " localpart LIKE '" . $term . "%' AND active = 1;";
 $res = $this->db->query($sql);
 if ($res->fetchColumn() > 0) {
 $sql = "SELECT first_name, last_name, localpart FROM logins WHERE"
- . " localpart LIKE '" . $term . "%';";
+ . " localpart LIKE '" . $term . "%' AND active = 1;";
 foreach ($this->db->query($sql) as $row) {
 array_push($result, [
 "display_name" => $row["first_name"] . " " . $row["last_name"],
@@ -301,12 +299,12 @@ class mxDatabase
 $term = filter_var($search_term, FILTER_SANITIZE_STRING);
 $result = array();
 $sql = "SELECT COUNT(*) FROM logins WHERE"
- . " email = '" . $term . "';";
+ . " email = '" . $term . "' AND active = 1;";
 $res = $this->db->query($sql);
 if ($res->fetchColumn() > 0) {
 $sql = "SELECT first_name, last_name, localpart FROM logins WHERE"
- . " email = '" . $term . "';";
+ . " email = '" . $term . "' AND active = 1;";
 foreach ($this->db->query($sql) as $row) {
 array_push($result, [
 "display_name" => $row["first_name"] . " " . $row["last_name"],
diff --git a/internal/identity_bulk.php b/internal/identity_bulk.php
index 0a2feff..3768a70 100644
--- a/internal/identity_bulk.php
+++ b/internal/identity_bulk.php
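Review bot: The new `. " WHERE localpart = '" . $localpart . "' AND active = 1 LIMIT 1;"` line still assembles the query by string concatenation, so whether this lookup is injection-safe depends entirely on how `$localpart` was escaped earlier in the method, whose start lies outside the hunk; the `+` lines of the -281 and -301 hunks repeat the same pattern with `$term`. If `$this->db` is a PDO handle, as `fetchColumn()` and iterating the result with `foreach` suggest, binding the value through a prepared statement removes that dependency, and it also makes the preceding `SELECT COUNT(*)` round-trip unnecessary since iterating an empty result set simply does nothing. The rewrite below shows the shape for this hunk; the two search methods would change the same way, with the LIKE prefix bound as a single parameter.
```php
$stmt = $this->db->prepare(
    "SELECT first_name, last_name, email, password_hash FROM logins"
    . " WHERE localpart = :localpart AND active = 1 LIMIT 1"
);
$stmt->execute([':localpart' => $localpart]);
foreach ($stmt as $row) {
    // … unchanged: password_verify check and return $row …
```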
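Review bot: In the two `. " localpart LIKE '" . $term . "%' AND active = 1;"` lines of the -281 hunk, `$term` goes into a LIKE pattern without escaping the pattern metacharacters, so a term containing `%` or `_` matches more than a literal prefix and the result set can be wider than the caller intended. Escaping the term before appending the wildcard, e.g. `$pattern = addcslashes($term, '%_\\') . '%';`, restores prefix semantics; which escape character LIKE honours is database-specific, so confirm against the engine in use (MySQL defaults to backslash, others need an explicit `ESCAPE` clause). Note also that the context line `filter_var($search_term, FILTER_SANITIZE_STRING)` only strips tags and HTML-encodes quotes by default and the filter is deprecated as of PHP 8.1, so it should not be relied on as the SQL-escaping step for the new lines. The enclosing method starts before this hunk and its loop continues past it.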
@@ -6,6 +6,10 @@ $response = [
 try {
 $inputJSON = file_get_contents('php://input');
 $input = json_decode($inputJSON, TRUE);
+ if (!isset($input)) {
+ throw new Exception('request body is no valid json');
+ }
+
 if (!isset($input["lookup"])) {
 throw new Exception('"lookup" is not defined');
 }
@@ -36,7 +40,6 @@ try {
 }
 break;
 case "msisdn":
- error_log("sb requested a bulk lookup for msisdn");
 break;
 default:
 throw new Exception("unknown type for \"by\" param");
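Review bot: The added `if (!isset($input))` guard conflates a parse failure with a valid JSON document whose value is `null`, and it lets valid but non-object bodies (a string, number or boolean) fall through to the `"lookup"` check, which then reports a misleading "not defined" error; `json_decode` returns `null` in both the failure and the `null` case. Checking the shape the handler actually needs is more precise: `if (!is_array($input)) {`, or alternatively testing `json_last_error() !== JSON_ERROR_NONE` immediately after the decode, which would also cover a `false` from `file_get_contents`. The message literal would read better as `'request body is not valid JSON'`. The `try` block opened on this hunk's first context line continues past the hunk.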