In zp_auth.php:
if (isset($_COOKIE['zenphoto_auth'])) {
[code for pre-authenticated sessions]
} else {
[code to handle new logins from form]
}
However, if the zenphoto_auth cookie is not valid, you cannot login at all because the form handling is handled in the else. The form handling should be outside of an else altogether.