Tags: web session 

Relevant code from login.php:
```
// identifier is written to the session before any credential check
$_SESSION['id'] = $identifier;
if ($type === 'team_name') {
    if (verify_teamname_password($team_name, $password) === true) {
        $_SESSION['logged_in'] = true;
        redirect('/homepage.php');
    }
}
```
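As you may notice, `$_SESSION['id']` is set before the password check.
So you just authenticate with legitimate credentials and then "fail" the next authentication attempt as `admin`: the failed attempt still overwrites `$_SESSION['id']`, while `$_SESSION['logged_in']` stays `true` from the first login.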
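
The ordering bug described above next to a corrected handler, as an added example that is not the challenge's code. Here `$session` is a plain array standing in for `$_SESSION` so the script runs from the CLI, and the credential store, passwords and `login_*` function names are constructed for illustration.

```php
<?php
// Constructed credential store (sample data, not from the challenge).
$TEAMS = [
    'team1' => password_hash('team1-pass', PASSWORD_DEFAULT),
    'admin' => password_hash('not-known-to-player', PASSWORD_DEFAULT),
];

// Stand-in for the challenge's verify_teamname_password(); body is an assumption.
function verify_teamname_password(string $team, string $password): bool {
    global $TEAMS;
    return isset($TEAMS[$team]) && password_verify($password, $TEAMS[$team]);
}

// Pattern from login.php: identity is written before the credential check.
function login_vulnerable(array &$session, string $team, string $password): bool {
    $session['id'] = $team;
    if (verify_teamname_password($team, $password) === true) {
        $session['logged_in'] = true;
        return true;
    }
    return false;
}

// Corrected ordering: identity and login flag are written together, only on
// success. A failed attempt leaves the existing session untouched.
// A real handler would also call session_regenerate_id(true) on success.
function login_fixed(array &$session, string $team, string $password): bool {
    if (verify_teamname_password($team, $password) !== true) {
        return false;
    }
    $session = ['id' => $team, 'logged_in' => true];
    return true;
}

// Same request sequence against both handlers: one valid login, then one
// failed login naming a different account.
foreach (['login_vulnerable', 'login_fixed'] as $login) {
    $session = [];
    $login($session, 'team1', 'team1-pass');
    $login($session, 'admin', 'wrong');
    $isAdmin = ($session['logged_in'] ?? false) && ($session['id'] ?? null) === 'admin';
    printf("%-16s session=%s treated_as_admin=%s\n",
        $login, json_encode($session), var_export($isAdmin, true));
}
```

Any page that authorizes on `logged_in` and `id` as two independent session keys should treat them as one unit: set both in the same step after verification, or derive the flag from the presence of a verified identity.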

Original writeup (http://telegra.ph/Pragyan-CTF-2018-03-04#Authenticate-your-way-to-admin-(150pts)).