1) It isn't necessary
2) You can hash the password when you enter it on the insert
3) Have another email go to the admin on the verify page and then include a link to the admin user update page where they can actually manually update the verified field to allow access.
4) Just add a link to a logout page with the logout user server behavior applied before page load
5) Change your page update trigger to use the form submit or button press.
6) There is a reference to a recordset on line 11 but that recordset isn't created until line 76... you will have to move the save session code down below the recordset.
It looks like you still have standard mySQL update server behaviors, not mySQLi... but the connection include file isn't on the page. You will have to add a reference to the PowerCMSConnection include to the page probably just below the DBConnection file on line 6.