I've been looking into this bug, and I've found that it starts in the login.php page.

I've got reason to belive that it is in the coding which pulls the Users UID from the database.

Why do I think this... well if you look at the URL when passing information between pages the coding for the users UID is incorrect straight after the login.php page when Enable Packages is turned on.

I am a PHP and MySQL programmer but unfortuantly do not have a non encrypted version of all the pages which deals from login.php right through to pmt_success.php.

If the admin could be kind enough to provide me all the pages which deals with payments I would be more than happy to have a look and see where the issue lies and correct it. I would be happy to sign anything stating that I would not pass on or use the coding without vShare's permission.