remove the third condition of the rule:
Restrict if: <?php echo $_SESSION['userVerified']; ?> = 0
When the user registers the userVerified session is not set, so it evaluates the conditions as:
Restrict if: <?php echo $_SESSION['SecurityAssist_UserID']; ?> =
SecurityAssist_UserID Has a value, so look at next rule
Allow if: <?php echo $_SESSION['userVerified']; ?> = 1
userVerified does not have a value, so is not = to 1, look at next rule
Restrict if: <?php echo $_SESSION['userVerified']; ?> = 0
userVerified does not have a value, so is not = to 0. Since this is the last rule it will allow access since it cant restrict access.