diff --git a/checkin_notes b/checkin_notes
index b0af42e9e5..9df71670a5 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -11216,3 +11216,13 @@ David  19 Oct 2006
         cs_statefile.C
     html/inc/
         cert.inc
+
+Rytis  19 Oct 2006
+    - user web: allow account creation via an RPC when invitation code is
+        required.
+        
+    html/
+        user/
+            create_account.php
+        inc/
+            xml.inc
\ No newline at end of file
diff --git a/html/inc/xml.inc b/html/inc/xml.inc
index 5f024a7e6e..fa1de50d0d 100644
--- a/html/inc/xml.inc
+++ b/html/inc/xml.inc
@@ -31,6 +31,7 @@ function xml_error($num, $msg=null) {
         case -206: $msg = "Invalid password"; break;
         case -207: $msg = "Email address is not unique"; break;
         case -208: $msg = "Account creation is disabled"; break;
+        case -209: $msg = "Invalid invitation code"; break;
         default: "Unknown error"; break;
         }
     }
diff --git a/html/user/create_account.php b/html/user/create_account.php
index eb585b7a1f..2d8e1d11ba 100644
--- a/html/user/create_account.php
+++ b/html/user/create_account.php
@@ -13,10 +13,17 @@ $retval = db_init_xml();
 if ($retval) xml_error($retval);
 
 $config = get_config();
-if (parse_bool($config, "disable_account_creation") || defined('INVITE_CODES')) {
+if (parse_bool($config, "disable_account_creation")) {
     xml_error(-208);
 }
 
+if(defined('INVITE_CODES')) {
+    $invite_code = process_user_text(get_str("invite_code"));
+    if (!preg_match(INVITE_CODES, $invite_code)) {
+	xml_error(-209);
+    }
+} 
+
 $email_addr = get_str("email_addr");
 $email_addr = process_user_text(strtolower($email_addr));
 $passwd_hash = process_user_text(get_str("passwd_hash"));