The sudo module does not use 'user_save' when adjusting user roles, which bypasses other modules that implement hook_user. This is particularly important for sites which need to maintain an audit trail of site changes. With this patch, the role_watchdog module can fill that need.

As an added bonus feature, this patch also reports to the user which role(s) they have been granted when they click the sudo button.

Comments

greg.1.anderson

Attachment: status new, size 4.87 KB

The patch above had an error in the maintenance-mode handling code; fix attached.

greg.1.anderson

Attachment: status new, size 4.75 KB

Here is an updated patch that is the same as the patch above, save for the addition of one more bugfix. If a user is blocked or unblocked, then $edit->roles does not exist, causing sudo_user() to throw several warnings. This patch fixes these warnings by skipping the role-change checks when no role information was provided.

Interdiff:

@@ -70,8 +70,9 @@
   // make the change persistent; however, if the update is for the active user, then we ignore
   // the update. You cannot 'sudo' and then make yourself a permanent admin; also, hook_user is
   // called when the "sudo" button is used, we certainly do not want to remove those roles from
-  // the sudo table.
-  if (($op == 'update') && ($user->uid != $account->uid)) {
+  // the sudo table.  Also, note that if a user is blocked or unblocked, the 'roles' field
+  // of the $edit array might not exist.
+  if (($op == 'update') && ($user->uid != $account->uid) && isset($edit->roles)) {
 
     $default_sudo_roles = variable_get('sudo_default_roles', array());
     $save_roles = array_keys($edit['roles']);
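
Review bot: The guard added to the `if` condition tests `isset($edit->roles)` (object property access), but the comment added directly above it refers to "the $edit array" and the line right after the condition reads `$edit['roles']`. If `$edit` is an array, `isset($edit->roles)` evaluates to false on every call, so the role handling that starts at `$default_sudo_roles = ...` would be skipped for all updates, not only for block/unblock operations. Suggest `isset($edit['roles'])` so the guard matches the way the field is read in `array_keys($edit['roles'])`.
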
dnotes

Status: Needs review » Closed (outdated)

Closing 6.x issues.