I've done something similar but I called "password" the "invitation code".
I added a table relating the code to a subsite, and modified /register/user-join to a) accept a URL var containing the code, and b) to do a db lookup to verify the code. I placed this custom version of user-join in /nregister/user-join.{tcl,adp,xql}. If the code is valid, the custom user-join adds the requesting user to a subsite group (awaiting approval). In my case, the approval is processed by a subsite admin. In your case you could just add the requestor as an approved member (depending on the subsite join policy of course) and redirect them to the requested subsite.
The reason for placing this custom user-join in /nregister instead of as a page under the subsite is to handle the case where the requesting user is not a (logged in) registered user. The Request Processor will not serve the subsite page (unless the subsite is wide open) to a non-authenticated user. DO NOT place the custom user-join page under /register as this area is handled 'specially' and the redirect to the requested page after registration will not work (involves special handling of return_url under /registration).
You could send out a mail message which contains a link (to /nregister/user-join) with the embedded URL var. This way the invitee simply follows the link to join the subsite. If the subsite requires a registered user and the requestor is not registered, the normal user registration is presented prior to allowing the request to be satisfied.
Randy
