Well, just going on what you've said about altering the password checking part of the script, I'd say the culprit for failing the check would be this part:
&& $_COOKIE['user_key'] == sha1($ckey)
If you echo these 2 values to the screen, what do you get? Do they match? If not, what's the difference?
If they do match, then you need to find out which of the conditions is failing. Display the variable values (use die($_COOKIE['user_key']."<br />".sha1($ckey)); or something so your values don't get overwritten by your page) and see if they are what you would expect.