Bypass login?
The login routine is hosted in
/server/ajax/user_manager.php
The following line checks for the login.
$userObj = new C_User($_POST['username'],$_POST['password']);
Then once simply checks for status returned from
$userObj->loggedIn
, and set session variable.