Looks like there's some protection in check_useraccount.php against faking cookies or session variables:
Code:
if ($HTTP_POST_VARS["login"] || $HTTP_GET_VARS["login"] || $HTTP_COOKIE_VARS["login"] || $HTTP_POST_VARS["login_type"] || $HTTP_GET_VARS["login_type"] || $HTTP_COOKIE_VARS["login_type"]) {
header("Location: ../customer/error_message.php?access_denied");
exit();
}
Please be encourage to make this monologue a dialogue
