Frontend preserved as-is. The form action was rewritten from `/login` to `/api/sql-demo/login-html` on museum-ready/original so the form-submit flow reaches the museum's route handler instead of the dead `/login` of the original Express server. Vulnerability surface is unchanged: try `' OR '1'='1' --` in the username field.