SQLInjection3

Below is the actual code in use here for this login page. Your task is to log in as the Admin user. You don't know the password, but you do know that there are two Admin users with the same username in this database.
function awesomeSQLFilter($username, $password){
  $sqlCommands = array("AND", "OR", "SELECT", "DELETE", "DROP", "CREATE", "LIKE",
        "JOIN", "UNION", "LIMIT", "ORDER BY", "REGEXP", "WHERE", "INSERT", "UPDATE",
        "HAVING", "DISTINCT", "TRUNCATE", "-", ";");
  //Nobody can use any sql commands in their username or password!
  $oldUsername = $username;
  $oldPassword = $password;
  $wasModified = true;
  while($wasModified){
    $wasModified = false;
    foreach($sqlCommands as $command){
      $username = str_ireplace($command, "", $username);
      $password = str_ireplace($command, "", $password);
    }
    if($username!==$oldUsername or $password!==$oldPassword) $wasModified = true;
    $oldUsername = $username;
    $oldPassword = $password;
  }
  return array($username, $password);
}

function checkUserPass($db, $username, $password){
  if (!$db) { echo "Error connecting to database."; return false;}
  //security because logins are important!!
  list($username, $password) = awesomeSQLFilter($username, $password);
  $result = sqlite_query($db, "SELECT 1 FROM Users WHERE username='$username' AND privileges='administrator' AND password='$password' LIMIT 1", $error);
  if(!$result) { echo htmlentities($error, ENT_QUOTES); return false;}
  $num_rows = sqlite_num_rows($result);
  sqlite_close($db);
  if($num_rows==1) return true;
  return false;
}
Note: A real database is used for this challenge, and it is rolled back after each attempt.
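
For comparison, the same login check written with a bound-parameter query, so the input never becomes part of the SQL text and no keyword filter is involved. This is an added example, not the challenge's code: the function name checkUserPassHardened, the use of PDO with the sqlite driver, and the storage of passwords as password_hash() output are assumptions.

```php
<?php
// Added example: hardened counterpart of checkUserPass(), not the challenge's code.
// Assumptions: PDO with the sqlite driver is available, and the password
// column stores password_hash() output instead of plaintext.

function checkUserPassHardened(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely, so
    // quotes or keywords inside the input are only ever treated as data.
    $stmt = $db->prepare(
        "SELECT password FROM Users
         WHERE username = :username AND privileges = 'administrator'"
    );
    $stmt->execute([':username' => $username]);

    // The page states that two Admin rows share one username, so every
    // matching row is checked rather than only the first.
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $hash) {
        if (password_verify($password, $hash)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data in an in-memory database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (username TEXT, privileges TEXT, password TEXT)");

$insert = $db->prepare("INSERT INTO Users VALUES (?, ?, ?)");
foreach (['constructed-pw-1', 'constructed-pw-2'] as $pw) {
    $insert->execute(['Admin', 'administrator', password_hash($pw, PASSWORD_DEFAULT)]);
}

// Input 1: the password of the second constructed row.
var_dump(checkUserPassHardened($db, 'Admin', 'constructed-pw-2'));
// Input 2: a wrong password containing a quote character.
var_dump(checkUserPassHardened($db, 'Admin', "it's-not-the-password"));
```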


Challenge by ynori7.