It happens on the checkout page. You can try it with this email www.soleusrunning.com (firstname.lastname@example.org)
It won't even to go the confirm page. However it seems like the checkout button does goto the confirm page and it sets the redirect back with the valid=false url variable.
It seems on line 177 of the confirm.php file it is checking to see if the user exists based on the UserEmail and UserPassword. It obviously doesn't find it if the user already exists because of the random password.
Should I take out the AND UserPassword = %s from the query string to it find the record just based on the UserEmail?
Let me know your thoughts,