Count always returns 1

Navigation
0

I have a form in which the user and password pass by post. I do a count to verify that the user exists, the problem is that he always returns me 1. 

<form action="welcome.php" method="post" role="form" id="login-form" autocomplete="off">
    <div class="form-group">
        <label for="acc" class="sr-only">Cuenta</label>
        <input type="text" name="acc" id="acc" class="form-control" placeholder="Usuario">
    </div>
    <div class="form-group">
        <label for="pass" class="sr-only">Password</label>
        <input type="password" name="pass" id="pass" class="form-control" placeholder="Contraseña">
    </div>
    <div class="checkbox">
        <span class="character-checkbox" onclick="showPassword()"></span>
        <span class="label">Mostrar contraseña</span>
    </div>
    <input type="submit" id="btn-login" class="btn btn-custom btn-lg btn-block" value="Ingresar">   
</form>

class_users.php 

<?php
require('db.php');
class Usuario {
    function checkUser($acc, $pass){
        require('db.php');
        $data = array($acc, md5($pass));
        $stmt = $connection->prepare("SELECT count(*) FROM usuarios where desc_usuario = ? and password = ? ");

        $result = $stmt->execute($data);

        return $result;
    }
}
?>

welcome.php 

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include('actions/db.php');
include('actions/users/class_users.php');
$acc = $_POST['acc'];
$pass = $_POST['pass'];

$usr = new Usuario();
$user = $usr->checkUser($acc, $pass);
echo $user;
    
asked by GAL 21.08.2017 в 22:50
source

2 answers

2

You are capturing the value of the execution 

$result = $stmt->execute($data);
return $result;

In this case, the response 1 only indicates that the statement was executed. You have to bring the records obtained from that execution. For example 

$resultados = $stmt->fetchAll();
$validos = count($resultados);
return $validos;
    
answered by 22.08.2017 в 13:45
-1

It could be done in this way taking the data of: 

$acc = $_POST['acc'];
$pass = $_POST['pass'];

First, it is necessary to check if the user exists in the database and then verify if the password matches the one in the database. 

$stmt = $connection->prepare("SELECT * FROM usuarios WHERE desc_usuario='$acc'"); //Consulta en la BBDD la existencia del usuario

if ($stmt->num_rows > 0) { //Verifica si el usuario existe
    $pass_db = $row["password"]; //Obtener el pass de la BBDD
    if (password_verify($pass, $pass_db)) {
        echo "Identificado correctamente";
    }
}

On the other hand, I recommend saving the passwords in HASH and not in Md5

To save the password in a register: 

$pass = password_hash(base64_encode(hash('sha384', $input_pass, true)), PASSWORD_DEFAULT);

And to consult in a login. 

$pass = base64_encode(hash('sha384', $input_pass, true));
    
answered by 21.08.2017 в 23:20
Validate image by JavaScript Why are not my font faces shown?