diff --git a/account.php b/account.php
index b9effe186f28a96db075691ddfb84a4a4a05999c..d9c0793f996084f16c0824109816179c7198c760 100644
--- a/account.php
+++ b/account.php
@@ -37,9 +37,9 @@ elseif ($thisclient) {
     // Existing client (with an account) updating profile
     else {
         $user = User::lookup($thisclient->getId());
-        $content = Page::lookup(Page::lookupByType('registration-thanks'));
+        $content = Page::lookup(Page::getIdByType('registration-thanks'));
         $inc = isset($_GET['confirmed'])
-            ? 'registration.confirmed.inc.php' : 'profile.inc.php';
+            ? 'register.confirmed.inc.php' : 'profile.inc.php';
     }
 }
 
@@ -81,7 +81,7 @@ elseif ($_POST) {
     if (!$errors) {
         switch ($_POST['do']) {
         case 'create':
-            $content = Page::lookup(Page::lookupByType('registration-confirm'));
+            $content = Page::lookup(Page::getIdByType('registration-confirm'));
             $inc = 'register.confirm.inc.php';
             $acct->sendResetEmail('registration-client');
         }
diff --git a/include/class.auth.php b/include/class.auth.php
index 1cd2c584fcd0dd862403fc2e4f1a067fccefa7bb..d778401d9c4692b518b5d7f9d87585bdde1d6937 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -128,17 +128,23 @@ abstract class AuthenticationBackend {
             // All backends are queried here, even if they don't support
             // authentication so that extensions like lockouts and audits
             // can be supported.
-            $result = $bk->authenticate($username, $password);
-            if ($result instanceof AuthenticatedUser
-                    && ($bk->login($result, $bk)))
-                return $result;
-            elseif ($result instanceof AccessDenied) {
+            try {
+                $result = $bk->authenticate($username, $password);
+                if ($result instanceof AuthenticatedUser
+                        && ($bk->login($result, $bk)))
+                    return $result;
+                elseif ($result instanceof AccessDenied) {
+                    break;
+                }
+            }
+            catch (AccessDenied $e) {
+                $result = $e;
                 break;
             }
         }
 
         if (!$result)
-            $result = new  AccessDenied('Access denied');
+            $result = new AccessDenied('Access denied');
 
         if ($result && $result instanceof AccessDenied)
             $errors['err'] = $result->reason;
@@ -413,6 +419,15 @@ abstract class UserAuthenticationBackend  extends AuthenticationBackend {
                 || !($authkey = $bk->getAuthKey($user)))
             return false;
 
+        $acct = $user->getAccount();
+
+        if ($acct) {
+            if (!$acct->isConfirmed())
+                throw new AccessDenied('Account confirmation required');
+            elseif ($acct->isLocked())
+                throw new AccessDenied('Account is administratively locked');
+        }
+
         //Tag the authkey.
         $authkey = $bk::$id.':'.$authkey;
 
@@ -482,9 +497,10 @@ abstract class UserAuthenticationBackend  extends AuthenticationBackend {
 /**
  * This will be an exception in later versions of PHP
  */
-class AccessDenied {
+class AccessDenied extends Exception {
     function __construct($reason) {
         $this->reason = $reason;
+        parent::__construct($reason);
     }
 }
 
diff --git a/include/class.client.php b/include/class.client.php
index 910be9b4bfdfcb548c727caa7bbd079f34f565fd..8dfb211a8b95603ef9bf67ea1734ed4eb4e599f6 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -59,6 +59,7 @@ abstract class TicketUser {
         $vars = array(
             'url' => $ost->getConfig()->getBaseUrl(),
             'ticket' => $this->getTicket(),
+            'user' => $this,
             'recipient' => $this);
 
         $msg = $ost->replaceTemplateVariables(array(
@@ -348,6 +349,7 @@ class ClientAccount extends ClientAccountModel {
         $vars = array(
             'url' => $ost->getConfig()->getBaseUrl(),
             'token' => $token,
+            'user' => $this->getUser(),
             'recipient' => $this->getUser(),
             'link' => sprintf(
                 "%s/pwreset.php?token=%s",
diff --git a/include/i18n/en_US/templates/page/registration-client.yaml b/include/i18n/en_US/templates/page/registration-client.yaml
index abc88159708bf854b5f8846ea1f2a14cfdd992ce..ea820a31fb9a6a945a2156a570fb369258225699 100644
--- a/include/i18n/en_US/templates/page/registration-client.yaml
+++ b/include/i18n/en_US/templates/page/registration-client.yaml
@@ -12,13 +12,13 @@ notes: >
     verification. Please use %{link} somewhere in the body.
 name: "Welcome to %{company.name}"
 body: >
-    <h3><strong>Hi %{user.name.first},</strong></h3> We've created an
+    <h3><strong>Hi %{recipient.name.first},</strong></h3> We've created an
     account for you at our help desk at %{url}.<br />
     <br />
     Please follow the link below to confirm your account and gain access to
     your tickets.<br />
     <br />
-    <a href="%{reset_link}">%{confirmation_link}</a><br />
+    <a href="%{link}">%{link}</a><br />
     <br />
     <em style="font-size: small">Your friendly Customer Support System<br
     />%{company.name}</em>