Question:
First of all, thank you all for your help to pass my login to Mysqli, now the issue is that it enters with any password, I think it must be some error in the query, I leave the code and they tell me how it is. Thanks!!
$sentencia = $con->prepare("SELECT id, nombre, skin, nivel, adminlvl FROM cuenta WHERE nombre=? OR email=? AND pass=? ");
$sentencia->bind_param("sss", $nombre_str, $email_str, $pass_str);
$sentencia->execute();
$sentencia->store_result();
Answer:
The problem may be the precedence of the logical operators, in your case you are using the OR and AND statements, in MySQL the precedence of the operators is as follows from highest to lowest:
INTERVAL
BINARY, COLLATE
!
- (unary minus), ~ (unary bit inversion)
^
*, /, DIV, %, MOD
-, +
<<, >>
&
|
= (comparison), <=>, >=, >, <=, <, <>, !=, IS, LIKE, REGEXP, IN
BETWEEN, CASE, WHEN, THEN, ELSE
NOT
AND, &&
XOR
OR, ||
= (assignment), :=
In this case, the AND will be evaluated first, so if the name or email are correct, the OR statement will be valid, to correct this you should use parentheses
SELECT id, nombre, skin, nivel, adminlvl FROM cuenta WHERE (nombre=? OR email=?) AND pass=?
For more information on operator precedence in MySQL check out:
http://dev.mysql.com/doc/refman/5.7/en/operator-precedence.html