Rating:

* Add debug=1 to URL to get the source code.

https://jerry.winja.site/?username=admin&password=123123&submit=Login&debug=1
* View the source you can find a secret string handle params value by preg_replace, so you must double this string.
* Add this to url to get flag

https://jerry.winja.site/?username=admin&password=123123&submit=Login&value=roseytheroseytherehappyrehappy