We have database.db, containing hashed SHA-1 password of admin: 0e[numbers]. With type juggling in PHP, we just need to find input that has SHA-1 of 0e[any_numbers], e.g. aaroZmOk Login with admin:aaroZmOk and get the flag.