Does it say bad password if you get the underlying SQL code correct?

No, it doesn't...what is the precise error you get?

Not sure how much I can post without doing spoilers but basically trying to use logic statements under username says "Query cannot be processed" If you did say admin' (finishes the User part of SQL, then do your boolean 1=1 etc and finish the SQL with ';' and comment our rest of the SQL statement it should work. Then type anything into pass to get pass the check fields are not empty etc. My alternative approach was to fix the underlying SQL statement so I could at least determine how it's structured and go from there but no matter what I put in either fields I can't get it to do a straight forward bad password return.

Your alternative approach won't work because the challenge is almost entirely hard coded. To answer your question, you don't need the semi-colon. Hope this helps.