Why don’t you add a boolean ‘isAdmin’ to the user datatype and use this to restrict the access to the admin panel?
I see some problems with your approach especially because the user that ‘logs in’ using your admin credentials does not have any user session (I assume the login is available without being logged in). So if someone has the link to the admin panel, he will be able to see the page (!) even without your authentication.
If you really want to stick with your approach, you can create a workflow for your button. Add a condition (only when) and check if your id and pass match an entry, if true, redirect to the admin page.
If you don’t want a login system, you could recycle it:
The admin panel could be only accessible by ‘users’ logged in. What you can do is do a password field and upon clicking the login button log a default user in with a predefined email (hardcode the login email). The result would be a real session and you could do “if current user is logged in” to secure the panel.