Sourcecodester Simple Cashiering System (POS) unauthenticated SQLi allows authentication bypass with admin privileges

Looking for vulnerabilities in some projects on Sourcecodester, I found the Simple Cashiering System (POS), so I got my environment ready to hunt bugs, and the first one I found was an SQLi in the login form that allows authentication bypass as admin.


Vulnerable URL: http://localhost/cashiering/login.php

Affected field: username

Payload: admin' or '1'='1--

Note that it is necessary to enter something as the password (it can be any character).
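Added illustration, not code from the Sourcecodester project: the query shape that lets the payload above bypass the login, next to a prepared-statement version that closes it. Table name, column names and the exact original query are assumptions; the mechanism shown is standard SQL operator precedence, where AND binds tighter than OR.

```php
<?php
// Added example, not the project's own code. The users table and its
// id/username/type/password columns are assumed for illustration.

// Vulnerable pattern: user input concatenated straight into the SQL text.
// With username = "admin' or '1'='1--" and any non-empty password, the
// WHERE clause becomes
//   username = 'admin' or '1'='1--' AND password = 'x'
// Because AND binds tighter than OR, this reads as
//   (username = 'admin') OR ('1'='1--' AND password = 'x')
// and the left side is true for the admin row, so the password check
// never has to succeed.
function login_vulnerable(mysqli $db, string $username, string $password): ?array
{
    $sql = "SELECT id, username, type FROM users "
         . "WHERE username = '$username' AND password = '$password'";
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    $row = $result->fetch_assoc();
    return is_array($row) ? $row : null;
}

// Hardened version: a prepared statement keeps the input as data, not SQL,
// and the password is checked with password_verify() against a stored hash
// instead of being compared inside the query.
function login_safe(mysqli $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        "SELECT id, username, type, password FROM users WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!is_array($row) || !password_verify($password, $row['password'])) {
        return null; // unknown user or wrong password: same answer either way
    }
    unset($row['password']);
    return $row;
}
```

Detection hint for reviewers: grep login handlers for string interpolation inside SQL text (`'$username'`, `'$password'`); any hit is a candidate for the same bypass.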
