--- drupalvb.inc.1.9.4.20.php	2008-10-15 02:07:50.000000000 +0200
+++ drupalvb.inc.php	2008-10-15 02:39:34.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: drupalvb.inc.php,v 1.9.4.20 2008/10/15 00:07:50 sun Exp $
+// $Id: drupalvb.inc.php,v 1.9.4.21 2008/10/15 00:39:34 sun Exp $
 
 /**
  * @file
@@ -34,12 +34,17 @@ function drupalvb_set_login_cookies($use
   $now = time();
   $expire = $now + (@ini_get('session.cookie_lifetime') ? ini_get('session.cookie_lifetime') : 60 * 60 * 24 * 365);
 
+  // Clear out old session (if available).
+  if (!empty($_COOKIE[$cookie_prefix .'sessionhash'])) {
+    drupalvb_db_query("DELETE FROM {session} WHERE sessionhash = '%s'", $_COOKIE[$cookie_prefix .'sessionhash']);
+  }
+
   // Setup user session.
-  $sessionhash = md5('drupalvb'. $vbuser['userid']);
   $ip = implode('.', array_slice(explode('.', drupalvb_get_ip()), 0, 4 - $vb_options['ipcheck']));
   $idhash = md5($_SERVER['HTTP_USER_AGENT'] . $ip);
+  $sessionhash = md5($now . request_uri() . $idhash . $_SERVER['REMOTE_ADDR'] . user_password(6));
 
-  drupalvb_db_query("INSERT IGNORE INTO {session} (sessionhash, userid, host, idhash, lastactivity, location, useragent, loggedin) VALUES ('%s', %d, '%s', '%s', %d, '%s', '%s', %d)", $sessionhash, $vbuser['userid'], $_SERVER['REMOTE_ADDR'], $idhash, $now, '/forum/', $_SERVER['HTTP_USER_AGENT'], 2);
+  drupalvb_db_query("REPLACE INTO {session} (sessionhash, userid, host, idhash, lastactivity, location, useragent, loggedin) VALUES ('%s', %d, '%s', '%s', %d, '%s', '%s', %d)", $sessionhash, $vbuser['userid'], substr($_SERVER['REMOTE_ADDR'], 0, 15), $idhash, $now, '/forum/', $_SERVER['HTTP_USER_AGENT'], 2);
 
   // Setup cookies.
   setcookie($cookie_prefix .'sessionhash', $sessionhash, $expire, $cookie_path, $cookie_domain);
@@ -55,7 +60,7 @@ function drupalvb_set_login_cookies($use
  *
  * @see drupalvb_logout(), drupalvb_user_logout()
  */
-function drupalvb_clear_cookies($userid) {
+function drupalvb_clear_cookies($userid = NULL) {
   $vb_config = drupalvb_get('config');
   $vb_options = drupalvb_get('options');
 
@@ -80,24 +85,24 @@ function drupalvb_clear_cookies($userid)
  * Determines the IP address of current user.
  */
 function drupalvb_get_ip() {
-  $alt_ip = $_SERVER['REMOTE_ADDR'];
+  $ip = $_SERVER['REMOTE_ADDR'];
 
   if (isset($_SERVER['HTTP_CLIENT_IP'])) {
-    $alt_ip = $_SERVER['HTTP_CLIENT_IP'];
+    $ip = $_SERVER['HTTP_CLIENT_IP'];
   }
   else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) {
-    // Make sure we dont pick up an internal IP defined by RFC1918
-    foreach ($matches[0] AS $ip) {
-      if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip)) {
-        $alt_ip = $ip;
+    // Make sure we don't pick up an internal IP defined by RFC1918.
+    foreach ($matches[0] as $match) {
+      if (!preg_match("#^(10|172\.16|192\.168)\.#", $match)) {
+        $ip = $match;
         break;
       }
     }
   }
   else if (isset($_SERVER['HTTP_FROM'])) {
-    $alt_ip = $_SERVER['HTTP_FROM'];
+    $ip = $_SERVER['HTTP_FROM'];
   }
-  return $alt_ip;
+  return $ip;
 }
 
 /**
