diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 99a7986c0b..42139e87c4 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -97,9 +97,6 @@
 				return res.redirect(nconf.get('relative_path') + '/register' + (err.message ? '?error=' + err.message : ''));
 			}
 
-			delete userData['password-confirm'];
-			delete userData['_csrf'];
-
 			user.create(userData, function(err, uid) {
 				if (err || !uid) {
 					return res.redirect(nconf.get('relative_path') + '/register');
diff --git a/src/user/create.js b/src/user/create.js
index b3b556edb7..ede0202b2b 100644
--- a/src/user/create.js
+++ b/src/user/create.js
@@ -13,18 +13,37 @@ var async = require('async'),
 module.exports = function(User) {
 
 	User.create = function(userData, callback) {
-		userData = userData || {};
+		var gravatar = User.createGravatarURLFromEmail(userData.email);
+		var timestamp = Date.now();
+		var password = userData.password;
+
+		userData = {
+			'username': userData.username.trim(),
+			'email': userData.email,
+			'joindate': timestamp,
+			'picture': gravatar,
+			'gravatarpicture': gravatar,
+			'fullname': '',
+			'location': '',
+			'birthday': '',
+			'website': '',
+			'signature': '',
+			'uploadedpicture': '',
+			'profileviews': 0,
+			'reputation': 0,
+			'postcount': 0,
+			'lastposttime': 0,
+			'banned': 0,
+			'status': 'online'
+		};
+
 		userData.userslug = utils.slugify(userData.username);
 
-		userData.username = userData.username.trim();
 		if (userData.email !== undefined) {
 			userData.email = userData.email.trim();
 			userData.email = validator.escape(userData.email);
 		}
 
-		var password = userData.password;
-		userData.password = null;
-
 		async.parallel({
 			emailValid: function(next) {
 				if (userData.email) {
@@ -104,37 +123,14 @@ module.exports = function(User) {
 			}
 
 			db.incrObjectField('global', 'nextUid', function(err, uid) {
-				if(err) {
+				if (err) {
 					return callback(err);
 				}
 
-				var gravatar = User.createGravatarURLFromEmail(userData.email);
-				var timestamp = Date.now();
-
-				userData = utils.merge({
-					'uid': uid,
-					'username': userData.username,
-					'userslug': userData.userslug,
-					'fullname': '',
-					'location': '',
-					'birthday': '',
-					'website': '',
-					'email': userData.email || '',
-					'signature': '',
-					'joindate': timestamp,
-					'picture': gravatar,
-					'gravatarpicture': gravatar,
-					'uploadedpicture': '',
-					'profileviews': 0,
-					'reputation': 0,
-					'postcount': 0,
-					'lastposttime': 0,
-					'banned': 0,
-					'status': 'online'
-				}, userData);
+				userData.uid = uid;
 
 				db.setObject('user:' + uid, userData, function(err) {
-					if(err) {
+					if (err) {
 						return callback(err);
 					}